Getting "A potentially dangerous Request.Path value was detected from the client (&)"
asp.net Mvcasp.net Mvc-3asp.net Mvc Problem Overview
I've got a legacy code issue that requires that I support random urls as if they were requests for the home page. Some of the URLs have characters in them that generate the error "A potentially dangerous Request.Path value was detected from the client (&)". The site is written with ASP.Net MVC 3 (in C#) and is running on IIS 7.5.
Here's an example URL...
http://mywebsite.com/Test123/This_&_That
Here's how I have my catch-all route setup (I have other routes to catch specific pages)...
routes.MapRoute(
"Default", // Route name
"{garb1}/{garb2}", // URL with parameters
new { controller = "Website", action = "Home", garb1 = UrlParameter.Optional, garb2 = UrlParameter.Optional } // Parameter defaults
);
I've added the following things to my web.config file...
<configuration>
<system.web>
<pages validateRequest="false" />
<httpRuntime requestValidationMode="2.0" />
</system.web>
<configuration>
I've also Added the ValidateInput attribute to the action that should be catching the urls...
public class WebsiteController : Controller
{
[ValidateInput(false)]
public ActionResult Home()
{
return View();
}
}
But I'm still getting the error. Any ideas why? Did I miss something? Right now I'm just running on my local dev server (I haven't tried these fixes in production yet).
asp.net Mvc Solutions
Solution 1 - asp.net Mvc
While you could try these settings in config file
<system.web>
<httpRuntime requestPathInvalidCharacters="" requestValidationMode="2.0" />
<pages validateRequest="false" />
</system.web>
I would avoid using characters like '&' in URL path replacing them with underscores.
Solution 2 - asp.net Mvc
I have faced this type of error. to call a function from the razor.
public ActionResult EditorAjax(int id, int? jobId, string type = ""){}
solved that by changing the line
from
<a href="/ScreeningQuestion/EditorAjax/5&jobId=2&type=additional" />
to
<a href="/ScreeningQuestion/EditorAjax/?id=5&jobId=2&type=additional" />
where my route.config is
routes.MapRoute(
"Default", // Route name
"{controller}/{action}/{id}", // URL with parameters
new { controller = "Home", action = "Index", id = UrlParameter.Optional }, new string[] { "RPMS.Controllers" } // Parameter defaults
);
Solution 3 - asp.net Mvc
If you want to allow Html tags only for few textbox in mvc
You can do one thing
in controller
[ValidateInput(false)]
public ActionResult CreateNewHtml() //view
{
return View();
}
[ValidateInput(false)]
[HttpPost]
public ActionResult CreateNewHtml(cbs obj)//view cbs is database class
{
repo.AddHtml(obj);
return View();
}
Solution 4 - asp.net Mvc
We were getting this same error in Fiddler when trying to figure out why our Silverlight ArcGIS map viewer wasn't loading the map.
In our case it was a typo in the URL in the code. There was an equal sign in there for some reason.
http:=//someurltosome/awesome/place
instead of
http://someurltosome/awesome/place
After taking out that equal sign it worked great (of course).
Solution 5 - asp.net Mvc
Check the below lines are present in your web.config file
<system.web> <httpRuntime requestPathInvalidCharacters="" /> </system.web>