In Sitecore 9.3, SuppressFormValidation is not available, what is the replacement?

William: 19 May 2022

We are upgrading from Sitecore 8.2 to 9.3. In our 8.2 solution, there is a patch created with the type SuppressAdfsFormValidation

         <processor patch:instead="*[@type='Sitecore.Pipelines.PreprocessRequest.SuppressFormValidation, Sitecore.Kernel']" type="Sample.Pipelines.PreprocessRequest.SuppressAdfsFormValidation, Sample" />

which inherits PreProcessRequestProcessor and here is the implementation provided below:

public class SuppressAdfsFormValidation : PreprocessRequestProcessor
    public override void Process(PreprocessRequestArgs args)
        Assert.ArgumentNotNull(args, "args");

            new SuppressFormValidation().Process(args);
        catch (HttpRequestValidationException)
            string rawUrl = args.HttpContext.Request.RawUrl;
            if (!rawUrl.Contains("sample item") && !rawUrl.Contains("secure") && !rawUrl.Contains("login"))

We could not find the SuppressFormValidation() in

Sitecore.Kernel.dll( -> Sitecore.Pipelines.PreProcessRequestProcessor

Could you please suggest if there is any alternative to implement this feature?

Henry: 19 May 2022

I think this processor was added only for sitecore 8 because the request validation has been changed in .NET 4.0 and it was breaking the content editor, if you take a look at the current implementation you'll see that this processor is introduced for this:

Suppresses the form validation excheption that has been introduced in .NET 4.0 for Sitecore backend.

Please also take a look at the post and the sitecore KB article

However this processor is disabling completely the validation and if you would write cross site queries like ?<script>alert('attack');</script> the page would still load normally. To fix this you would have needed to override the processor like described here Hence it was removed in newer sitecore versions and I wouldn't recommend to preserve this functionality after you upgrade.

If you need to disable the request validation I think you should try to handle it at the page level instead of the whole website.