Error : potentially dangerous Request. how can able to allow the url containing a (&)

Question

this is my the url-

http://localhost:4566/PropertyMap/project/ackruti-gardenia-dahisar-&-beyond-mumbai

and I got error as-

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Web.HttpException: A potentially dangerous Request.Path value was detected from the client (&).

Stack Trace:

[HttpException (0x80004005): A potentially dangerous Request.Path value was detected from the client (&).]
   System.Web.HttpRequest.ValidateInputIfRequiredByConfig() +9673044
   System.Web.ValidateRequestExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +35
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +155

How can i solve it?

Possible duplicate of [A potentially dangerous Request.Path value was detected from the client (*)](http://stackoverflow.com/questions/5967103/a-potentially-dangerous-request-path-value-was-detected-from-the-client) — Stefan, Apr 23 '13 at 21:07
possible duplicate of [passing parameters issue in javascript and c#](http://stackoverflow.com/questions/16155272/passing-parameters-issue-in-javascript-and-c-sharp) — I4V, Apr 23 '13 at 21:09

Niels Keurentjes · Answer 1 · 2013-04-23T21:57:54.750

8

The ampersand (&) has special meaning in a URL, being used to separate elements within Query String and Fragment parts. This usage is forbidden by default because it's typical for hackers to probe around like this, trying to discover exploits.

To avoid this you need to use URL encoding on the path, so the ampersand is encoded to %26, making the final URL:

http://localhost:4566/PropertyMap/project/ackruti-gardenia-dahisar-%26-beyond-mumbai

Since you do not specify where the URL is constructed I cannot help you with how to encode it properly - implementation differs per language.

edited Apr 23 '13 at 21:57

answered Apr 23 '13 at 21:10

Niels Keurentjes

41,402
9
98
136

1

Not that I'm disagreeing with you, but wouldn't the _query_ actually start _after_ a question mark `?`? If an ampersand appears _before_ the question mark, does it still denote the query string? For example: `new Uri(@"http://localhost:4566/PropertyMap/project/ackruti-gardenia-dahisar-&-beyond-mumbai").Query` is blank, but the `LocalPath` still shows the full path. (the reported exceptions are probably how the request validation operates as a security measure) Only once you throw in a question mark in there does it start separating out the content. – Chris Sinclair Apr 23 '13 at 21:56
1

You're absolutely right, I've been working too hard today - fixed my answer. – Niels Keurentjes Apr 23 '13 at 21:58

score 6 · Answer 2 · edited May 08 '18 at 19:02

6

Use the HttpUtility.UrlEncode() method

edited May 08 '18 at 19:02

Paul Roub

36,322
27
84
93

answered Apr 23 '13 at 21:14

JourneyThroughCode

419
3
4

Error : potentially dangerous Request. how can able to allow the url containing a (&)

2 Answers2

Linked