Friday, July 6, 2012

ASP.NET performs request validation by default. This helps protect your site against attacks in which someone submits markup or script for it to execute. However, sometimes you want to turn this feature off. It is important to know what you are doing when you do so.

If you try to post certain code or XML to your own site, you will be met with the following screen.


This tells you that a potentially dangerous Request.Form value was detected.

To allow pages to override application request validation settings, set the requestValidationMode attribute in the httpRuntime configuration section to requestValidationMode="2.0". Example: <httpRuntime requestValidationMode="2.0" />. After setting this value, you can then disable request validation by setting validateRequest="false" in the Page directive or in the <pages> configuration section.  However, it is strongly recommended that your application explicitly check all inputs in this case.  For more information, see http://go.microsoft.com/fwlink/?LinkId=153133.
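As an added example (not part of the original post), the two settings named in the error message can be scoped to a single page with a `<location>` element, so request validation stays on for the rest of the site. The path `Admin/ImportXml.aspx` is a hypothetical placeholder for the page that has to accept posted code or XML.

```xml
<?xml version="1.0"?>
<configuration>
  <system.web>
    <!-- Site-wide default: request validation stays on for every page. -->
    <pages validateRequest="true" />
  </system.web>

  <!-- Hypothetical page that must accept posted XML. Only this path
       gets the relaxed settings; all other pages keep the default. -->
  <location path="Admin/ImportXml.aspx">
    <system.web>
      <!-- Lets the page-level validateRequest setting take effect. -->
      <httpRuntime requestValidationMode="2.0" />
      <!-- Turns request validation off for this one page. -->
      <pages validateRequest="false" />
    </system.web>
  </location>
</configuration>
```

With validation off for that path, the page's own code has to check the posted value itself and encode it before writing it into any response.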
