Getting error while clicking on link

Question

I am binding url to my href tag dynamically using knockout's observable

 <a data-bind="attr: { href: URlPath }">See this</a>

I have declared observable as below

       this.URlPath = ko.observable("http://mysite/api/MyMethod&Param1=0000333&Param2=0000000002&Param3=0000000001");

When i click on link i get error

A potentially dangerous Request.Path value was detected from the client (&). 
[HttpException (0x80004005): A potentially dangerous Request.Path value was detected from the client (&).]
System.Web.HttpRequest.ValidateInputIfRequiredByConfig() +9561124
System.Web.PipelineStepManager.ValidateHelper(HttpContext context) +53

I try to use below in web.config but didnt helped. I am using WebApi.

 <httpRuntime targetFramework="4.5"  requestPathInvalidCharacters="&lt;,&gt;,*,%,&amp;,\,?"/>

I dont have any special characters as well but still i get this error. Can someone help me?

Update

Here is my method in webapi

[ActionName("MyMethod")]
[AcceptVerbsAttribute("GET", "POST")]
[HttpPost]
public HttpResponseMessage MyMethod(string Param1, string Param2, string Param3)
{
      //some logic
}

Have you googled that error? It's got lots of results. [Top Result](http://stackoverflow.com/questions/1455528/a-potentially-dangerous-request-form-value-was-detected-from-the-client-asp-ne) — xdumaine, Sep 16 '14 at 12:20
@xdumaine i tried using [ValidateInput(false)] on webpi controller but seems its not allowing me. I get syntax error — James, Sep 16 '14 at 12:41

score 1 · Accepted Answer · answered Sep 16 '14 at 12:50

1

Your url is wrong it should be as below, you are using & after Action Name

this.URlPath = ko.observable("http://mysite/api/MyMethod?Param1=0000333&Param2=0000000002&Param3=0000000001");

answered Sep 16 '14 at 12:50

Amit

15,217
8
46
68

Yes you are right. Just missed the "?" Also i dont want to show parameters to user when he clicks on link. how can i avoid it? – James Sep 16 '14 at 12:54
create a model and send that model to web api. but some tool can be crack data like fiddler – Amit Sep 16 '14 at 12:56
can you give me example of this? i will be really thankful. No thats ok if its hacked in fiddler or not. I just dont to show normal user to see parameters – James Sep 16 '14 at 13:04
Try to understand http://www.codeproject.com/Articles/659131/Understanding-and-Implementing-ASPNET-WebAPI – Amit Sep 16 '14 at 13:06

Getting error while clicking on link

1 Answers1