I have a controller in an MVC 4 .NET application that receives a string as a parameter from an URL. This comes from an aspx page redirected to the controller in Route.config
.
If I send this value for the parameter in the client: fwdgerhb+bhrth+ftrgbhrt
I get the following value at the server: fwdgerhb bhrth ftrgbhrt
The server is interpreting the URL parameter value as an encoded URL and replaces +
by . But it has not been URL encoded. This will occur for other combinations of special chars if they appear in the parameter value.
Is there a config parameter in IIS Server to configure the server to not try to URL-decode this value?
Example Request:
mypage.aspx?value=cat+dog (NOT ENCODED)
Route Config
static void RegisterRoutes(RouteCollection routes)
{
routes.MapRouteLowercase(
name: "MyRouter",
url: "mypage.aspx",
defaults: new { controller = "My", action = "DoLog" }
);
}
The controller:
public class MyController : Controller
{
[AllowAnonymous]
public ActionResult DoLog(string value)
{
//Here value has "cat dog"
}
}
Yes, MVC automatically URL decodes action parameters, but you can still access the URL encoded version through a query string. As you can see in this question: Is MVC2 ASP.Net URLDecoding automatically?
In this article we will be discussing how to pass parameter in controller from URL in MVC application. First of all create one empty MVC web project and implement below code. At first we will create one model class called Person with two properties. Then within this class we will write simple ADO.NET code to fetch data from SQLServer Database.
You can encode a URL using with the UrlEncode () method or the UrlPathEncode () method. However, the methods return different results. The UrlEncode () method converts each space character to a plus character (+).
The text to encode. An encoded string. The UrlEncode (String) method can be used to encode the entire URL, including query-string values. If characters such as blanks and punctuation are passed in an HTTP stream without encoding, they might be misinterpreted at the receiving end.
You can use the following to grab the query-string manually from the controller:
Request.QueryString.Get("value");
Or, to get it from the view:
Html.ViewContext.HttpContext.Request.QueryString.Get("value");
But honestly, why not just encode the string yourself before you send it through the routing:
HttpUtility.UrlEncode(value);
and then when you get the the value again:
HttpUtility.UrlDecode(value);
So that way you have control of your string
Update
You can also do the following to allow your routeConfig to allow the "+" attribute:
<location path="CustomHttpHandler">
<system.webServer>
<security>
<requestFiltering allowDoubleEscaping="true" />
</security>
</system.webServer>
</location>
Here is a question that tells you the ups and downs of turning this on and off: Is Enabling Double Escaping Dangerous?
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With