requestValidationMode attribute in ASP.NET is used to configure built-in validation to
protect applications against code injections. Downgrading or disabling
this configuration is not recommended. The default value of 4.5
is the only recommended value, as previous versions only test a subset of requests.
requestValidationMode to 4.5, or leave it at its default value.
The following example shows the
attribute set to a value of 4.0, which disables some protections and
Setting the value to 4.5 enables request validation for all requests: