I've got an ASP.NET 4 site on which I want to allow people to put '<' in their password. However, .NET gets in the way by blocking (what it sees as) an attempt to put HTML in a form field. I know I can turn off input validation entirely, but I only want to turn it off for this one field. Does anyone know an easy way to do that?
You can only turn off input validation for the entire page. The only solution I can think of is to turn off the input validation, and then scrub all the other (non-password) input fields using something like Anti-XSS.