If you set ValidateRequest="true" or remove the ValidateRequest page attribute, ASP.NET request validation rejects the script input and produces an error similar to the following:
A potentially dangerous Request.Form value was detected from the client (txtString="<script>alert('hello...").

 

Detailed information can be found in http://msdn.microsoft.com/en-us/library/ff647397.aspx .

 

Regards,

Eric