Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Getting “A potentially dangerous Request.Path value was detected from the client (&)”

I have a REST Service and when I try and make a call to an item that has a & in it's name, I get the above error, which would make sense if I was not encoded the &

So this would be my call:

http://localhost:57851/myService/Servers/myServer/Repositories/myRepository/Models/Mine%26Yours

You can see "Mine&Yours" has been encoded as "Mine%26Yours" so should be safe.

But the request is being picked up as though I'd not encoded it.

Any ideas?

Edit:

This is not the same as (Getting "A potentially dangerous Request.Path value was detected from the client (&)")

like image 233
sbarnby71 Avatar asked Oct 21 '15 11:10

sbarnby71


1 Answers

It makes no difference to ASP.NET whether you encode the & symbol or not. See this answer: https://stackoverflow.com/a/12037000/134761

To allow special characters in your URL path you should modify the requestPathInvalidCharacters parameter in web.config like this:

<httpRuntime requestPathInvalidCharacters="" />

Or if you want to only allow & but disallow all other special chars:

<httpRuntime requestPathInvalidCharacters="&lt;,&gt;,*,%,\"/>
like image 179
holdenmcgrohen Avatar answered Sep 22 '22 11:09

holdenmcgrohen