We're using ASP.NET MVC3 with Razor View engine and standard HTML and jquery on the client side. We're trying to pass an "&" in the post url of a search request but we are always getting an A potentially dangerous Request.Path value was detected from the client (&) , though we did encode it from the javascript side using encodeURIComponent
http://localhost:6200/en/us/home/GetPoints/cat-0,gov-0,city-0,key-casper%26gambibi,addr-!1!10
Thanks Yehia
One approach could be to modify the requestPathInvalidCharacters attribute of the HttpRuntime node in the web.config
By using the following HttpRuntime configuration setting you can keep validation tight by removing the & character validation check however leaving the others in place.
The defaults for "requestPathInvalidCharacters" are "<,>,*,%,&,:,\\". So just remove the &.
<httpRuntime requestValidationMode="4.0" executionTimeout="20"
requestPathInvalidCharacters="<,>,*,%,:,\,?" />
But as Chris mentions in his comment above, passing the search values in the query string will work without the above httpRuntime change:
http://localhost:6200/en/us/home/GetPoints?paramName=key-casper%26gambibi&......
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.