2

I'm trying to send a string of XML as part of the query string. Normally I'd POST this XML but I'm sending it to a 3rd party system that I can't POST stuff to.

So, as it goes, I need the 3rd party system to request the services of one of the pages in my system. (explanation: the 3rd party system produces PDFs of my web pages. I give it a URL to my page, and it PDF's that page. So, the XML file contains data that I need to generate the page)

Anyway, I'm getting my query string as follows:

string data = Server.UrlEncode(xmlSnippet.ToString());

string sFullUrl = urlString + "?data=" + data;

I give the 3rd pary system this URL, and it calls my page.. except the request doesn't reach the page. It's failing into the Application_Error handler with this message:

"A potentially dangerous Request.QueryString value was detected from the client (data=[my XML data])"

As I know the data I'm sending is safe, is there any way I can make this work?

Thanks

Improve this question

1 Answer 1

Reset to default
2

You need to disable Request Validation.

This is a hopelessly broken and ineffective “anti-cross-site-scripting” feature which, very regrettably, is turned on by default in ASP.NET. It will block access for any request containing incoming data that looks like a tag.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

do you mean to say that Microsoft, in their attempt to hack together a platform to dominate web development, managed to include a feature that hinders real development as opposed to letting the developers decide what they wanted to do with their code? Well, I'll take your word for it so! Thanks & +1 :-)

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.