0

I am building a url and using it to point to one of my controllers to do some work. I got this error when I passed the url having %3F isntead of ?

A potentially dangerous Request.Path value was detected from the client (?).

The Url generated by UriBuilder looks like this:

http://mywebsite.com:7606/DoWork/DoChanges%3FEmployeeRequestId=17&ExtNumber=6340&ChangeOrderId=26&Operation=2&TargetExt=4357&Index=2

When I change %3F to ? after 'DoChanges' it works fine but it does not like it when its %3F. How can I decode this? I need the parameters visible so that service desk can read the link if they need to. so I do not want to encode the entire thing.

laitha0
  • 4,148
  • 11
  • 33
  • 49
  • A careful readying of [RFC3986](http://tools.ietf.org/html/rfc3986) says that the delimiters of a uri (the 'proper' term for a url) aren't encoded, only data is encoded. The '?' is a delimiter (separating the path from parameters), not data, so by the spec ecoding the ? as %3F (in this case) is wrong. – Christopher Stevenson Feb 04 '14 at 16:40

1 Answers1

1

I can't post this in a comment, so I'll write it here. The solution of your answer can be found here .

As quoted from here, you just have to use these your settings in your config file

<system.web>
    <httpRuntime requestPathInvalidCharacters="" requestValidationMode="2.0" />
    <pages validateRequest="false" />
</system.web>
Community
  • 1
  • 1
Save
  • 11,450
  • 1
  • 18
  • 23
  • Am I supposed to have that already in my Web.config because I dont?, also this is to specify invalid characters where I need to specify that %3F or ? are valid, do you know of the reverse operation? – laitha0 Aug 09 '13 at 14:22
  • still it did not like it, i tired requestValidationMode "4.0" and 2.0 as suggested. now I am getting 404 instead of that error – laitha0 Aug 09 '13 at 14:34