I am receiving the rather self explanatory error:
A potentially dangerous Request.Path value was detected from the client (*).
the issue is that my url contains a *:
This url is used to populate a search page where 'test*' is the search term and the rest of the url relates to various other filters.
My question is if there is a simple solution to allow me to add these special characters as search terms?
I have tried including the following in the web.config but it has no effect on if the error message is displayed.
Should I be manually encoding / decoding the special characters?
Is there a best practice for doing this? I would like to try and avoid using a query string but i guess it is an option.
The application itself is a c# asp.net webforms application that uses routing to produce the nice URL above.
* character is not allowed in the path of the URL, but there is no problem using it in the query string:
It's not an encoding issue, the
* character has no special meaning in an URL, so it doesn't matter if you URL encode it or not. You would need to encode it using a different scheme, and then decode it.
For example using an arbitrary character as escape character:
query = query.Replace("x", "xxx").Replace("y", "xxy").Replace("*", "xyy");
query = query.Replace("xyy", "*").Replace("xxy", "y").Replace("xxx", "x");
If you're using .NET 4.0 you should be able to allow these urls via the web.config
<system.web> <httpRuntime requestPathInvalidCharacters="<,>,%,&,:,\,?" /> </system.web>
Note, I've just removed the asterisk (*), the original default string is:
<httpRuntime requestPathInvalidCharacters="<,>,*,%,&,:,\,?" />
See this question for more details.
You should encode the route value and then (if required) decode the value before searching.