
Getting "A potentially dangerous Request.Path value was detected from the client (&)"

I've got a legacy code issue that requires that I support random URLs as if they were requests for the home page. Some of the URLs have characters in them that generate the error "A potentially dangerous Request.Path value was detected from the client (&)". The site is written with ASP.Net MVC 3 (in C#) and is running on IIS 7.5.

Here's an example URL...

http://mywebsite.example/Test123/This_&_That

Here's how I have my catch-all route setup (I have other routes to catch specific pages)...

routes.MapRoute(
    "Default", // Route name
    "{garb1}/{garb2}", // URL with parameters
    new { controller = "Website", action = "Home", garb1 = UrlParameter.Optional, garb2 = UrlParameter.Optional } // Parameter defaults
);

I've added the following things to my web.config file...

<configuration>
    <system.web>
        <pages validateRequest="false" />
        <httpRuntime requestValidationMode="2.0" />
    </system.web>
</configuration>

I've also added the ValidateInput attribute to the action that should be catching the URLs...

public class WebsiteController : Controller
{
    [ValidateInput(false)]
    public ActionResult Home()
    {
        return View();
    }
}

But I'm still getting the error. Any ideas why? Did I miss something? Right now I'm just running on my local dev server (I haven't tried these fixes in production yet).

There is a setting to allow certain chars; I'll check shortly when back on computer... but can you urlencode your URL?
I don't know for what reason the website was internally trying a redirection which was creating a URL like 'localhost/://localhost/myWebsiteName' which was giving me the same error. I don't know why ASP.net pipeline considers it a dangerous request URL.
In my case, I was missing a slash in the URL. The first thing to do would be to check for a typo in the URL.

Alexander Prokofyev

While you could try these settings in config file

<system.web>
    <httpRuntime requestPathInvalidCharacters="" requestValidationMode="2.0" />
    <pages validateRequest="false" />
</system.web>

I would avoid using characters like '&' in the URL path, replacing them with underscores.


It appears the requestPathInvalidCharacters="" did the trick. Thanks. I definitely agree that you shouldn't use & in the path, unfortunately we've been allowing it for years so we need to continue to support it.
Isn't that a security issue?
@MariusStanescu - It's not inherently a security issue; it depends on what you do with it. If the input is taken and escaped and included with the output it will be fine. If it isn't escaped, then you might open yourself up to an attack.
This solution can give you this error: HTTP Error 500.19 - Internal Server Error The requested page cannot be accessed because the related configuration data for the page is invalid.
I also received an error 500 when using this answer. This was due to already having and tags, therefore there was a duplication conflict. After resolving that, this answer worked fine for me too.
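
Added example, not part of the original answers: instead of emptying `requestPathInvalidCharacters` as in the answer above, the list can be narrowed so that only `&` is permitted in the path and the remaining characters are still rejected. It assumes the ASP.NET 4 default list and a web.config that has no other `<httpRuntime>` element.

```xml
<!-- Added example (not from the original answers). -->
<configuration>
  <system.web>
    <!--
      ASP.NET 4 default, shown for comparison (XML-escaped as it must be
      written inside an attribute value):
        requestPathInvalidCharacters="&lt;,&gt;,*,%,&amp;,:,\,?"

      requestPathInvalidCharacters="" turns the path character check off
      for every character.

      Below, only '&' is dropped from the default list, so < > * % : \ ?
      in the path are still rejected with the same
      "potentially dangerous Request.Path" error.
    -->
    <httpRuntime requestPathInvalidCharacters="&lt;,&gt;,*,%,:,\,?" />
  </system.web>
</configuration>
```

Merge the attribute into an existing `<httpRuntime>` element rather than adding a second one; a duplicated element is a configuration error like the 500.19 reported in the comments. Path segments that reach the action (`garb1`, `garb2`) still need to be encoded wherever they are written to output.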
reza.cse08

I have faced this type of error when calling a function from Razor.

public ActionResult EditorAjax(int id, int? jobId, string type = ""){}

solved that by changing the line

from

<a href="/ScreeningQuestion/EditorAjax/5&jobId=2&type=additional" /> 

to

<a href="/ScreeningQuestion/EditorAjax/?id=5&jobId=2&type=additional" />

where my route.config is

routes.MapRoute(
            "Default", // Route name
            "{controller}/{action}/{id}", // URL with parameters
            new { controller = "Home", action = "Index", id = UrlParameter.Optional }, new string[] { "RPMS.Controllers" } // Parameter defaults
        );

Is EditorAjax an ApiController (vs. View Controller)? I have both and ApiController takes URL params well, because probably the defaults allow it because that's a common usage. I only have a problem now that I want to add URL params to View Controllers.
Pavan

If you want to allow HTML tags for only a few textboxes in MVC, you can do one thing in the controller:

[ValidateInput(false)]
public ActionResult CreateNewHtml()  //view
{
    return View();
}
[ValidateInput(false)]
[HttpPost]
public ActionResult CreateNewHtml(cbs obj)//view cbs is database class
{
    repo.AddHtml(obj);
    return View();
}

The OP explicitly speaks of URLs he needs to support (not text box content) and there's also no mention of HTML - so your answer really does not apply to the given question.
It doesn't apply to the question, but I upvoted as it's something I didn't know was an option. Thanks @Pavan
Josh P

We were getting this same error in Fiddler when trying to figure out why our Silverlight ArcGIS map viewer wasn't loading the map. In our case it was a typo in the URL in the code. There was an equal sign in there for some reason.
http:=//someurltosome/awesome/place
instead of
http://someurltosome/awesome/place

After taking out that equal sign it worked great (of course).


Balamurugan

Check that the lines below are present in your web.config file:

<system.web>
    <httpRuntime requestPathInvalidCharacters="" />
</system.web>