A potentially dangerous Request Path value was detected from the client

Question

I am receiving the rather self explanatory error      A potentially dangerous Request Path value was detected from the client        The issue is due to   in the request URL   https   stackoverflow com Search test  0 1 10 1   This url is used to populate a search page where  test   is the search term and the rest of the url relates to various other filters   Is there an easy way to allow these special characters in the URL  I ve tried modifying the web config  to no avail   Should I manually encode   decode the special characters  Or is there a best practice for doing this  I would like to avoid using query strings  - but it may be an option   The application itself is a c  asp net webforms application that uses routing to produce the nice URL above

User · Answer

Try to set web project s server propery as Local IIS if it is IIS Express  Be sure if project url is right and create virual directory

User · Answer

I had a similar issue in Azure Data Factory with the   character  I resolved the problem by substituting   with  3A as shown here  For example  I substituted date1 2020-01-25T00 00 00 000Z  with date1 2020-01-25T00 3A00 3A00 000Z

User · Answer

The   character is not allowed in the path of the URL  but there is no problem using it in the query string   http   localhost 3286 Search  q test    It s not an encoding issue  the   character has no special meaning in an URL  so it doesn t matter if you URL encode it or not  You would need to encode it using a different scheme  and then decode it   For example using an arbitrary character as escape character   query   query Replace  x    xxx   Replace  y    xxy   Replace       xyy      And decoding   query   query Replace  xyy        Replace  xxy    y   Replace  xxx    x

User · Answer

For me  I am working on   net 4 5 2 with web api 2 0  I have the same error  i set it just by adding  requestPathInvalidCharacters    in the requestPathInvalidCharacters you have to set not allowed characters else you have to remove characters that cause this problem     lt system web gt        lt httpRuntime targetFramework  4 5 2  requestPathInvalidCharacters      gt        lt pages   gt         lt namespaces gt              lt  namespaces gt       lt  pages gt      lt  system web gt      Note that it is not a good practice  may be a post with this parameter as attribute of an object is better or try to encode the special character  -- After searching on best practice for designing rest api  i found that in search  sort and paginnation  we have to handle the query parameter like this   companies search Digital 26Mckinsey   and this solve the problem when we encode  amp  and remplace it on the url by  26 any way  on the server we receive the correct parameter Digital amp Mckinsey  this link may help on best practice of designing rest web api https   hackernoon com restful-api-designing-guidelines-the-best-practices-60e1d954e7c9

User · Answer

This exception occurred in my application and was rather misleading   It was thrown when I was calling an  aspx page Web Method using an ajax method call  passing a JSON array object  The Web Page method signature contained an array of a strongly-typed  NET object  OrderDetails  The Actual Qty property was defined as an int  and the JSON object Actual Qty property contained  4    extra space character    After removing the extra space  the conversion was made possible  the Web Page method was successfully reached by the ajax call

User · Answer

If you re using  NET 4 0 you should be able to allow these urls via the web config   lt system web gt       lt httpRuntime              requestPathInvalidCharacters   amp lt   amp gt     amp amp           gt   lt  system web gt    Note  I ve just removed the asterisk      the original default string is    lt httpRuntime            requestPathInvalidCharacters   amp lt   amp gt       amp amp           gt    See this question for more details

User · Answer

You should encode the route value and then  if required  decode the value before searching

User · Answer

For me  when typing the url  a user accidentally used a   instead of a   to start the query parameters  e g       url com endpoint parameter SomeValue amp otherparameter Another value   which should have been      url com endpoint parameter SomeValue amp otherparameter Another value

User · Answer

When dealing with Uniform Resource Locator URL  s there are certain syntax standards  in this particular situation we are dealing with Reserved Characters   As up to RFC 3986  Reserved Characters may  or may not  be defined as delimiters by the generic syntax  by each scheme-specific syntax  or by the implementation-specific syntax of a URI s dereferencing algorithm  And asterisk    is a Reserved Character   The best practice is to use Unreserved Characters in URLs or you can try encoding it   Keep digging     HTML URL Encoding Reference  w3schools  When to Encode or Decode  RFC 3986

[c#] A potentially dangerous Request.Path value was detected from the client (*)

Examples related to c#

Examples related to asp.net

Examples related to url

Examples related to routing

Examples related to webforms