asp.net validate-request

How to validate data when validateRequest is set to "false"


Do sites like Stack Overflow or asp.net use validateRequest="false" in their page directive? If "Yes", then how are they checking the user input, and if "No", then how are they able to post back the data?


Solution

  • The main things ValidateRequest is looking for are < and > characters, to stop you opening your site up to malicious users posting script and/or HTML to your site.

    Answer to the second question, when ValidateRequest="false":

    When request validation is disabled, content can be submitted to a page; it is the responsibility of the page developer to ensure that content is properly encoded or processed.

    For encoding the data: content can be easily HTML-encoded on the server using the Server.HtmlEncode(string) API. Content can also be easily HTML-decoded, that is, reverted back to standard HTML, using the Server.HtmlDecode(string) method.
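An added example, not part of the original answer: one way to handle input on a page with ValidateRequest="false" is to HTML-encode everything and then restore only an exact allow-list of formatting tags. The `CommentRenderer` class, the `AllowedTags` list and the sample strings are assumptions made for this sketch, and it calls `System.Net.WebUtility.HtmlEncode` so that it runs as a console program; inside a page, `Server.HtmlEncode` takes that place.

```csharp
using System;
using System.Net;

static class CommentRenderer
{
    // Tags the page chooses to allow back after encoding (assumption for this example).
    static readonly string[] AllowedTags = { "b", "i" };

    // Encode the whole input first, then restore only the exact allow-listed tags.
    // A tag carrying attributes never matches the exact string, so it stays encoded.
    public static string Render(string userInput)
    {
        if (userInput == null) return string.Empty;

        string encoded = WebUtility.HtmlEncode(userInput);
        foreach (string tag in AllowedTags)
        {
            encoded = encoded
                .Replace("&lt;" + tag + "&gt;", "<" + tag + ">")
                .Replace("&lt;/" + tag + "&gt;", "</" + tag + ">");
        }
        return encoded;
    }

    static void Main()
    {
        // Constructed sample inputs: plain formatting, a script block,
        // an allowed tag with an event-handler attribute, and ordinary punctuation.
        string[] samples =
        {
            "Hello <b>world</b>",
            "<script>alert(1)</script>",
            "<b onmouseover=\"x()\">hi</b>",
            "Tom & Jerry say \"5 > 3\""
        };

        foreach (string sample in samples)
        {
            Console.WriteLine(Render(sample));
        }
    }
}
```

Only the first sample comes back with live markup; the script block and the tag with an attribute are written out as text because their angle brackets remain encoded.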