1

I have a bit of a strange problem. I have a controller that is supposed to receive a URL as one of the parameters. I am encoding the URL, and trying to call the controller as such:

http://www.mysite.com/dowork/1/http%3a%2f%2fwww.otherurl.com

However, I am getting the error

A potentially dangerous Request.Path value was detected from the client (:).

What gives? Any way to handle this WITHOUT disabling validation?

Improve this question
3
  • Show how you are getting the value in your controller Commented Mar 29, 2012 at 6:21
  • It's simply one of the parameters of the Controller. I am letting the Routing Module do the rest. Commented Mar 29, 2012 at 6:33
  • Interestingly enough, if I use traditional query strings I don't have this issue. Commented Mar 29, 2012 at 6:34

2 Answers 2

Reset to default
2

If that is .NET 4.0, you can edit this configuration setting:

<system.web>
   <httpRuntime requestPathInvalidCharacters="&lt;,&gt;,%,&amp;,:,\,?" />
</system.web>

If you don't wish to edit this, you can additionally encode your incoming url - use custom encoding (like replacing dangerous characters) or use base64 encoding or omit protocol part if possible before sending to controller (drop http://, if https:// is possible also, you need to think how to pass that).

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

IF you pass it as a query string parameter (?path=....) you avoid the problem, the characters are only illegal as part of a path.

If you insist on passing the data as part of the path you will need to encode differently, like convert the string into a range of hexadecimal values or similar.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.