First check this link :
https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS)[
^]
I would recommend doing it on a single page rather than disabling it for entire application like this:
In web-config:
<location path="test.aspx">
<system.web>
<httpruntime requestvalidationmode="2.0" />
</system.web>
</location>
and on page :
<@ Page validateRequest="false" %>
after that you can check for the user input from that page pro-actively to avoid any security issues.