A potentially dangerous Request.Path value was detected from the client (&).
here are the details of the sample code.
I have a main page that lists movies from the database. The name I receive from DB is "Hide & Seek"
in Movies.aspx the movie names are listed as below
<% foreach (var movie in Model) { %>
<div class="item">
<%: Html.RouteLink(movie.name, new { controller = "Movie", action = "Show", name = movie.name.Replace(" ", "_") })%>
</div>
<% } %>
with above code it displays the name correctly as "Hide & Seek", but the link generated reads as "Hide_%26_Seek".
First, the link is always shows %26 and not "&".
Second, Upon clicking the link it shows the following error.
"A potentially dangerous Request.Path value was detected from the client (&)."
as per the msdn docs, I have also tried with the following custom validation code
namespace Mc.Web.Validation
{
public class CustomRequest : RequestValidator
{
protected override bool IsValidRequestString(System.Web.HttpContext context, string value, RequestValidationSource requestValidationSource, string collectionKey, out int validationFailureIndex)
{
validationFailureIndex = -1; //Set a default value for the out parameter.
//This application does not use RawUrl directly so you can ignore the check.
if (requestValidationSource == RequestValidationSource.RawUrl)
return true;
//Allow the query-string key data to have a value that is formatted like XML.
if ((requestValidationSource == RequestValidationSource.QueryString) && (collectionKey == "data"))
{
//The querystring value "<example>1234</example>" is allowed.
if (value.Contains("_&_"))
{
validationFailureIndex = -1;
return true;
}
return base.IsValidRequestString(context, value, requestValidationSource, collectionKey, out validationFailureIndex);
}
//All other HTTP input checks are left to the base ASP.NET implementation.
return base.IsValidRequestString(context, value, requestValidationSource, collectionKey, out validationFailureIndex);
}
}
}
"And whoever is removed away from the Fire and admitted to Paradise, he indeed is successful." (The Holy Quran)
Excellent Windows VPS Hosting Imran Baloch MVP, MVB, MCP, MCTS, MCPD
Marked as answer by nkpatro on Apr 27, 2010 12:54 PM
Open Google and type & abc then you will find the result some thing
http://www.google.com.pk/search?q=%26+abc
is you are still getting the error?
"And whoever is removed away from the Fire and admitted to Paradise, he indeed is successful." (The Holy Quran)
Excellent Windows VPS Hosting Imran Baloch MVP, MVB, MCP, MCTS, MCPD
Sorry but i don't really understand why you want it to appear as & in the url, you are not using that part of the url as some parameter in your action are you? Is it just for displaying some humanreadable url?
* REMEMBER TO MARK THE ANSWER TO YOUR QUESTION * .NET Developer (ASP.NET, MVC, WPF) MCTS .NET 4 (Web, WCF)
Blog | Twitter
<%: Html.RouteLink(movie.name, new { controller = "Movie", action = "Show", name = movie.name.Replace(" ", "_") }).Replace("%26", "&")%>
"And whoever is removed away from the Fire and admitted to Paradise, he indeed is successful." (The Holy Quran)
Excellent Windows VPS Hosting Imran Baloch MVP, MVB, MCP, MCTS, MCPD
Marked as answer by nkpatro on Apr 27, 2010 12:54 PM
Sorry but i don't really understand why you want it to appear as & in the url, you are not using that part of the url as some parameter in your action are you? Is it just for displaying some humanreadable url?
Yes I'm using that part of the url as a parameter in my action. I still get the desired return value with "%26".
However I want to have a human readable url.
imran_ku07
<%: Html.RouteLink(movie.name, new { controller = "Movie", action = "Show", name = movie.name.Replace(" ", "_") }).Replace("%26", "&")%>
I don't want to replace the character this way, as the database is all German text.
I will have strings like "Geschäftskunden" which will read the url as "Gesch%C3%A4ftskunden"
nkpatro
Member
3 Points
11 Posts
Validation Issues with .NET 4.0 and MVC 2
Apr 26, 2010 08:49 PM|LINK
Hi,
I receive the following error when I try to access a page link that says http://localhost:4199/Movie/Hide_%26_Seek. How do I resolve this issue.
A potentially dangerous Request.Path value was detected from the client (&).
here are the details of the sample code.
I have a main page that lists movies from the database. The name I receive from DB is "Hide & Seek"
in Movies.aspx the movie names are listed as below
<% foreach (var movie in Model) { %> <div class="item"> <%: Html.RouteLink(movie.name, new { controller = "Movie", action = "Show", name = movie.name.Replace(" ", "_") })%> </div> <% } %>with above code it displays the name correctly as "Hide & Seek", but the link generated reads as "Hide_%26_Seek".
First, the link is always shows %26 and not "&".
Second, Upon clicking the link it shows the following error.
"A potentially dangerous Request.Path value was detected from the client (&)."
as per the msdn docs, I have also tried with the following custom validation code
namespace Mc.Web.Validation { public class CustomRequest : RequestValidator { protected override bool IsValidRequestString(System.Web.HttpContext context, string value, RequestValidationSource requestValidationSource, string collectionKey, out int validationFailureIndex) { validationFailureIndex = -1; //Set a default value for the out parameter. //This application does not use RawUrl directly so you can ignore the check. if (requestValidationSource == RequestValidationSource.RawUrl) return true; //Allow the query-string key data to have a value that is formatted like XML. if ((requestValidationSource == RequestValidationSource.QueryString) && (collectionKey == "data")) { //The querystring value "<example>1234</example>" is allowed. if (value.Contains("_&_")) { validationFailureIndex = -1; return true; } return base.IsValidRequestString(context, value, requestValidationSource, collectionKey, out validationFailureIndex); } //All other HTTP input checks are left to the base ASP.NET implementation. return base.IsValidRequestString(context, value, requestValidationSource, collectionKey, out validationFailureIndex); } } }and added the following line to the web.config
But the problem still exists. Any help is appreciated.
thanks and regards
Navin
validation asp.net mvc 2 .net 4.0
imran_ku07
All-Star
45815 Points
7698 Posts
MVP
Re: Validation Issues with .NET 4.0 and MVC 2
Apr 27, 2010 02:25 AM|LINK
It is interesting that why you are gettingthis
instead of Bad Request, & is not allow in URL path
http://www.asp.net/LEARN/whitepapers/aspnet4/#0.2__Toc253429244
<div style="overflow: hidden; position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px;" id="_mcePaste">http://www.asp.net/LEARN/whitepapers/aspnet4/#0.2__Toc253429244</div>Excellent Windows VPS Hosting
Imran Baloch MVP, MVB, MCP, MCTS, MCPD
nkpatro
Member
3 Points
11 Posts
Re: Validation Issues with .NET 4.0 and MVC 2
Apr 27, 2010 05:15 AM|LINK
Hi Imran,
Thanks for the link. making the following changes in the web.config resolves the bad request issue.
However, this doesn't resolve the decoding issue yet. my url still shows "%26" and not "&".
Any suggessions please.
regards
Navin
validation ".NET Framework 4.0" "ASP.NET MVC 2" Url Decoding.
imran_ku07
All-Star
45815 Points
7698 Posts
MVP
Re: Validation Issues with .NET 4.0 and MVC 2
Apr 27, 2010 05:25 AM|LINK
this is not a problem man because %26 represent &
Open Google and type & abc then you will find the result some thing
http://www.google.com.pk/search?q=%26+abc
is you are still getting the error?
Excellent Windows VPS Hosting
Imran Baloch MVP, MVB, MCP, MCTS, MCPD
nkpatro
Member
3 Points
11 Posts
Re: Validation Issues with .NET 4.0 and MVC 2
Apr 27, 2010 10:34 AM|LINK
I don't get the error now. But how do I get rid of the %26.
I want to display "&" in the url and not "%26".
In fact this works fine with .net framework 3.5 and MVC 2. But doesn't work with .net framework 4.0
Is there a work around for this??
thanks
Navin
Knecke
Contributor
3712 Points
838 Posts
Re: Validation Issues with .NET 4.0 and MVC 2
Apr 27, 2010 10:43 AM|LINK
Does
do any difference?
.NET Developer (ASP.NET, MVC, WPF) MCTS .NET 4 (Web, WCF)
Blog | Twitter
nkpatro
Member
3 Points
11 Posts
Re: Validation Issues with .NET 4.0 and MVC 2
Apr 27, 2010 11:02 AM|LINK
I tried that already. that didn't helped me either.
Knecke
Contributor
3712 Points
838 Posts
Re: Validation Issues with .NET 4.0 and MVC 2
Apr 27, 2010 11:09 AM|LINK
Sorry but i don't really understand why you want it to appear as & in the url, you are not using that part of the url as some parameter in your action are you? Is it just for displaying some humanreadable url?
.NET Developer (ASP.NET, MVC, WPF) MCTS .NET 4 (Web, WCF)
Blog | Twitter
imran_ku07
All-Star
45815 Points
7698 Posts
MVP
Re: Validation Issues with .NET 4.0 and MVC 2
Apr 27, 2010 11:12 AM|LINK
<%: Html.RouteLink(movie.name, new { controller = "Movie", action = "Show", name = movie.name.Replace(" ", "_") }).Replace("%26", "&")%>
Excellent Windows VPS Hosting
Imran Baloch MVP, MVB, MCP, MCTS, MCPD
nkpatro
Member
3 Points
11 Posts
Re: Validation Issues with .NET 4.0 and MVC 2
Apr 27, 2010 11:51 AM|LINK
Yes I'm using that part of the url as a parameter in my action. I still get the desired return value with "%26".
However I want to have a human readable url.
I don't want to replace the character this way, as the database is all German text.
I will have strings like "Geschäftskunden" which will read the url as "Gesch%C3%A4ftskunden"
So, this string must be decoded.
any inputs are appreciated.
Regards
Navin