[Aggregated Q&A] A potentially dangerous Request.Path value was detected from the client (*)

c#,asp.net,url,routing,webforms 2017-11-30 27 views

I am receiving the rather self-explanatory error:

A potentially dangerous Request.Path value was detected from the client (*).

The issue is that my URL contains a *:

https://stackoverflow.com/Search/test*/0/1/10/1

This URL is used to populate a search page where 'test*' is the search term and the rest of the URL relates to various other filters.

My question is if there is a simple solution to allow me to add these special characters as search terms?

I have tried including the following in the web.config but it has no effect on whether the error message is displayed.

Should I be manually encoding / decoding the special characters?

Is there a best practice for doing this? I would like to try and avoid using a query string but I guess it is an option.

The application itself is a C# ASP.NET WebForms application that uses routing to produce the nice URL above.

3 answers

79

The * character is not allowed in the path of the URL, but there is no problem using it in the query string:

http://localhost:3286/Search/?q=test*

It's not an encoding issue; the * character has no special meaning in a URL, so it doesn't matter if you URL encode it or not. You would need to encode it using a different scheme, and then decode it.

For example using an arbitrary character as escape character:

query = query.Replace("x", "xxx").Replace("y", "xxy").Replace("*", "xyy");

And decoding:

query = query.Replace("xyy", "*").Replace("xxy", "y").Replace("xxx", "x");

2017-11-30
250

If you're using .NET 4.0 you should be able to allow these URLs via the web.config:

<system.web>
    <httpRuntime requestPathInvalidCharacters="&lt;,&gt;,%,&amp;,:,\,?" />
</system.web>

Note, I've just removed the asterisk (*), the original default string is:

<httpRuntime requestPathInvalidCharacters="&lt;,&gt;,*,%,&amp;,:,\,?" />

See this question for more details.

2017-11-30
4

You should encode the route value and then (if required) decode the value before searching.

2017-11-30
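
The approach in the first and third answers (escape the search term before it goes into the route, decode it before searching), generalised from `*` to every character that is not an ASCII letter or digit. This is an added example, not code from any of the answers; `RouteValueCodec`, the `~` escape character and the `~XXXX` format are assumptions, chosen so that the output contains only letters, digits and `~`, none of which appear in the default `requestPathInvalidCharacters` list quoted in the second answer.

```csharp
using System;
using System.Globalization;
using System.Text;

// Added example; RouteValueCodec and the ~XXXX format are hypothetical, not from the answers.
public static class RouteValueCodec
{
    // Assumed escape character: '~' is not in the default requestPathInvalidCharacters list.
    private const char Escape = '~';

    private static bool IsSafe(char c)
    {
        return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9');
    }

    // ASCII letters and digits pass through; every other UTF-16 code unit becomes ~XXXX.
    public static string Encode(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            if (IsSafe(c)) sb.Append(c);
            else sb.Append(Escape).Append(((int)c).ToString("X4", CultureInfo.InvariantCulture));
        }
        return sb.ToString();
    }

    // Single left-to-right pass. The route value is client-controlled, so malformed input throws.
    public static string Decode(string encoded)
    {
        var sb = new StringBuilder(encoded.Length);
        for (int i = 0; i < encoded.Length; i++)
        {
            char c = encoded[i];
            if (IsSafe(c)) { sb.Append(c); continue; }
            ushort unit;
            if (c != Escape || i + 4 >= encoded.Length ||
                !ushort.TryParse(encoded.Substring(i + 1, 4), NumberStyles.AllowHexSpecifier,
                                 CultureInfo.InvariantCulture, out unit))
                throw new FormatException("Malformed route value at index " + i);
            sb.Append((char)unit);
            i += 4; // skip the four hex digits just consumed
        }
        return sb.ToString();
    }

    public static void Main()
    {
        string term = "test*<a>?"; // constructed sample search term
        string routeValue = Encode(term);
        Console.WriteLine(routeValue);
        Console.WriteLine(Decode(routeValue) == term);
    }
}
```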
