Hello.

I've been pondering an ASP.Net security concern: while it blocks potentially harmful querystring characters by default, turning this off puts the onus of validation on developers. I'm exploring the idea of a declarative approach to query parameter validation, where developers define predicates (like data types) for expected parameters within the Page Class definition itself. This could simplify validation and ensure data is HTML-safe before reaching the developer. This would streamline validation compared to using custom validators. I'm considering the benefits and implementation details of such an approach.