SyntaxFix

[asp.net-mvc] Getting "A potentially dangerous Request.Path value was detected from the client (&)"

I've got a legacy code issue that requires that I support random urls as if they were requests for the home page. Some of the URLs have characters in them that generate the error "A potentially dangerous Request.Path value was detected from the client (&)". The site is written with ASP.Net MVC 3 (in C#) and is running on IIS 7.5.

Here's an example URL...

http://mywebsite.com/Test123/This_&_That

Here's how I have my catch-all route setup (I have other routes to catch specific pages)...

routes.MapRoute(
    "Default", // Route name
    "{garb1}/{garb2}", // URL with parameters
    new { controller = "Website", action = "Home", garb1 = UrlParameter.Optional, garb2 = UrlParameter.Optional } // Parameter defaults
);

I've added the following things to my web.config file...

<configuration>
    <system.web>
        <pages validateRequest="false" />
        <httpRuntime requestValidationMode="2.0" />
    </system.web>
<configuration>

I've also Added the ValidateInput attribute to the action that should be catching the urls...

public class WebsiteController : Controller
{
    [ValidateInput(false)]
    public ActionResult Home()
    {
        return View();
    }
}

But I'm still getting the error. Any ideas why? Did I miss something? Right now I'm just running on my local dev server (I haven't tried these fixes in production yet).

This question is related to asp.net-mvc asp.net-mvc-3

The answer is

While you could try these settings in config file

<system.web>
    <httpRuntime requestPathInvalidCharacters="" requestValidationMode="2.0" />
    <pages validateRequest="false" />
</system.web>

I would avoid using characters like '&' in URL path replacing them with underscores.

Check the below lines are present in your web.config file

<system.web> <httpRuntime requestPathInvalidCharacters="" /> </system.web>

If you want to allow Html tags only for few textbox in mvc

You can do one thing

in controller

 [ValidateInput(false)]
public ActionResult CreateNewHtml()  //view
{
    return View();
}
[ValidateInput(false)]
[HttpPost]
public ActionResult CreateNewHtml(cbs obj)//view cbs is database class
{
    repo.AddHtml(obj);
    return View();
}

We were getting this same error in Fiddler when trying to figure out why our Silverlight ArcGIS map viewer wasn't loading the map. In our case it was a typo in the URL in the code. There was an equal sign in there for some reason.
http:=//someurltosome/awesome/place
instead of
http://someurltosome/awesome/place

After taking out that equal sign it worked great (of course).

I have faced this type of error. to call a function from the razor.

public ActionResult EditorAjax(int id, int? jobId, string type = ""){}

solved that by changing the line

from

<a href="/ScreeningQuestion/EditorAjax/5&jobId=2&type=additional" />

to

<a href="/ScreeningQuestion/EditorAjax/?id=5&jobId=2&type=additional" />

where my route.config is

routes.MapRoute(
            "Default", // Route name
            "{controller}/{action}/{id}", // URL with parameters
            new { controller = "Home", action = "Index", id = UrlParameter.Optional }, new string[] { "RPMS.Controllers" } // Parameter defaults
        );

Source: Stackoverflow.com

Examples related to asp.net-mvc

Using Lato fonts in my css (@font-face) Better solution without exluding fields from Binding Vue.js get selected option on @change You must add a reference to assembly 'netstandard, Version=2.0.0.0 How to send json data in POST request using C# VS 2017 Metadata file '.dll could not be found The default XML namespace of the project must be the MSBuild XML namespace How to create roles in ASP.NET Core and assign them to users? The model item passed into the dictionary is of type .. but this dictionary requires a model item of type How to use npm with ASP.NET Core

Examples related to asp.net-mvc-3

Better solution without exluding fields from Binding IIs Error: Application Codebehind=“Global.asax.cs” Inherits=“nadeem.MvcApplication” Can we pass model as a parameter in RedirectToAction? return error message with actionResult Why is this error, 'Sequence contains no elements', happening? Failed to load resource: the server responded with a status of 500 (Internal Server Error) in Bind function 500.19 - Internal Server Error - The requested page cannot be accessed because the related configuration data for the page is invalid String MinLength and MaxLength validation don't work (asp.net mvc) How to set the value of a hidden field from a controller in mvc How to set a CheckBox by default Checked in ASP.Net MVC

Tags

Click-through Recent-file-list Confirmbutton Dbdatareader Vimclojure Forall User-preferences Instruction-set Magic-quotes-gpc Camping Vendors Fuzzyfinder Pausing-execution Rms Function-module Initializer-list Audiosessionservices Applet Return-value-optimization Coin-change Web-services Selectedtext Winamp Link-to-remote Open-packaging-convention Core-plot Freb Escript Web-deployment Cvs Calculus Archlinux Xml-spreadsheet Logo-testing Direct3d9 Sendgrid Clip Apache-karaf Ansi Awstats Sqlxml Rendertarget Pvrtc Placeholder-control Linq-to-xsd Backgroundworker Nunit-2.5.9 Windows-share Qmainwindow Finalizer Tikz Properties.settings Xbase Dom-traversal Active-script Sdef Dvd-burning Backslash Browser-cache Service-design Memory-bandwidth Temporary-files Http-method On-clause Escaping Termios Systemcolors Comparison-operators Character-limit Mechanize Hit-highlighting Graphical-programming Dto-mapping Subtext Subforms Pipe Variations Mercator Powerpacks Freemarker .lib Light Behavior Service-layer Git-commit Markov-chains Graphic-effects Ora-02291 Mod-pagespeed Encoding Database-mail Event-receiver Exchange-server-2003 Ublas Model-view-adapter Iso9660 Ess Uiviewcontroller Graceful-degradation Derby