Getting A potentially dangerous Request Path value was detected from the client

Question

I ve got a legacy code issue that requires that I support random urls as if they were requests for the home page  Some of the URLs have characters in them that generate the error  A potentially dangerous Request Path value was detected from the client   amp     The site is written with ASP Net MVC 3  in C   and is running on IIS 7 5   Here s an example URL     http   mywebsite com Test123 This  amp  That   Here s how I have my catch-all route setup  I have other routes to catch specific pages      routes MapRoute       Default      Route name       garb1   garb2       URL with parameters     new   controller    Website   action    Home   garb1   UrlParameter Optional  garb2   UrlParameter Optional      Parameter defaults      I ve added the following things to my web config file      lt configuration gt       lt system web gt           lt pages validateRequest  false    gt           lt httpRuntime requestValidationMode  2 0    gt       lt  system web gt   lt configuration gt    I ve also Added the ValidateInput attribute to the action that should be catching the urls     public class WebsiteController   Controller        ValidateInput false       public ActionResult Home                 return View              But I m still getting the error  Any ideas why  Did I miss something  Right now I m just running on my local dev server  I haven t tried these fixes in production yet

User · Answer

I have faced this type of error  to call a function from the razor  public ActionResult EditorAjax int id  int  jobId  string type    quot  quot      solved that by changing the line from  lt a href  quot  ScreeningQuestion EditorAjax 5 amp jobId 2 amp type additional quot    gt    to  lt a href  quot  ScreeningQuestion EditorAjax  id 5 amp jobId 2 amp type additional quot    gt   where my route config is routes MapRoute               quot Default quot      Route name              quot  controller   action   id  quot      URL with parameters             new   controller    quot Home quot   action    quot Index quot   id   UrlParameter Optional    new string      quot RPMS Controllers quot       Parameter defaults

User · Answer

While you could try these settings in config file   lt system web gt       lt httpRuntime requestPathInvalidCharacters    requestValidationMode  2 0    gt       lt pages validateRequest  false    gt   lt  system web gt    I would avoid using characters like   amp   in URL path replacing them with underscores

User · Answer

Check the below lines are present in your web config file   lt system web gt       lt httpRuntime requestPathInvalidCharacters      gt   lt  system web gt

User · Answer

We were getting this same error in Fiddler when trying to figure out why our Silverlight ArcGIS map viewer wasn t loading the map  In our case it was a typo in the URL in the code   There was an equal sign in there for some reason  http    someurltosome awesome place instead of http   someurltosome awesome place    After taking out that equal sign it worked great  of course

User · Answer

If you want to allow Html tags only for few textbox in mvc  You can do one thing  in controller    ValidateInput false   public ActionResult CreateNewHtml      view       return View       ValidateInput false    HttpPost  public ActionResult CreateNewHtml cbs obj   view cbs is database class       repo AddHtml obj       return View

[asp.net-mvc] Getting "A potentially dangerous Request.Path value was detected from the client (&)"

Examples related to asp.net-mvc

Examples related to asp.net-mvc-3