2

So I am trying to contact an asp.net API that wants the parameters as an xml-string: /v3/publicservice.asmx/GetSearchResultAdvancedXml?queryXml=string

http://api.tradera.com/v3/publicservice.asmx?op=GetSearchResultAdvancedXml

Thing is, I get this message: "A potentially dangerous Request.QueryString value was detected from the client."

Which appearantly is solved by: https://stackoverflow.com/a/2673905/585137

<system.web>
    <compilation debug="true" targetFramework="4.0" />
    <httpRuntime requestValidationMode="2.0" />
</system.web>

I want submit this somehow in android java with Http get.

How do I send requestValidationMode="2.0" ?

Community
  • 1
  • 1
Aron
  • 144
  • 2
  • 11
  • 1
    please see [Android, send and receive XML via HTTP POST method](http://stackoverflow.com/questions/5013373/android-send-and-receive-xml-via-http-post-method) maybe help you in sending xml in request – ρяσѕρєя K Sep 21 '13 at 15:25

2 Answers2

0

One approach would be to scape the XML you are sending as an argument. If you were sending the XML from another ASP.NET application, you could use: Uri.EscapeDataString. According to this post (C# Uri.EscapeDatastring() equivalent for Java), you would have to use Java's URL or URI classes to escape a string that can later be consumed in your ASP.NET application. But, java.net.URL and java.net.URI don't let you escape XML. So, you could do the following:

1] Add this method to your Java code. This is a modified version of the code I found here: https://stackoverflow.com/a/10035382/2168278. You can, as it is suggested in the post, use an XML library.

public static String xmlEscapeText(String t) 
{
   StringBuilder sb = new StringBuilder();
   for(int i = 0; i < t.length(); i++){
      char c = t.charAt(i);
      switch(c){
      case '<': sb.append("%3C"); break;
      case '>': sb.append("%3E"); break;
      case '\"': sb.append("%22"); break;
      case '&': sb.append("%26"); break;
      case ' ': sb.append("%20"); break;
      case '/': sb.append("%2F"); break;
      default:
         if(c>0x7e) {
            sb.append("&#"+((int)c)+";");
         }else
            sb.append(c);
      }
   }
   return sb.toString();
}

2] In your ASP.NET code (which I'm assuming to be C#), you can then get the XML by:

var myXML = Uri.UnescapeDataString(op);

I tested my code using this piece of XML: 

<note><to>Tove</to><from>Jani</from><heading>Reminder</heading><body>Don't forget me this weekend!</body></note>

which I got from here: http://www.w3schools.com/xml/note.xml

Community
  • 1
  • 1
aspiring.algorist
  • 426
  • 4
  • 8
0

It is interesting to know what kind of string you are sending and get that issue.

This happens because of the validation introduced in ASP.NET 4 http://www.asp.net/whitepapers/request-validation which prevents cross side scripting attacks.

The configuration you saw on the other link cannot be submiited from android device. It needs to be done on the server side.

<system.web>
    <compilation debug="true" targetFramework="4.0" />
    <httpRuntime requestValidationMode="2.0" />
</system.web>

Here you can find how you can do that:

As a result, request validation errors might now occur for requests that previously did not trigger errors. To revert to the behavior of the ASP.NET 2.0 request validation feature, add the following setting in the Web.config file: 

<httpRuntime requestValidationMode="2.0"/>

Also, in case you want to encode the xml string you could use the simpler method in java:

encodedString = UrlEncoder.encode(unencodedString)

and decode it in C# using:

unencodedString = Uri.UnescapeDataString(encodedString);
Claudiu
  • 1,469
  • 13
  • 21