0

I have an MVC controller with the following method

    [HttpGet]
    public ActionResult Image(int image, string message)
    {

I want this to be a GET because it's the appropriate verb to use for the method I'm implementing.

I want to supply "Does this work?" as a parameter to the method. Obviously this is not going to work:

http://localhost:55197/Controller/Image/3/Does%20this%20work?

The question mark is considered part of the query string and is removed. I've read this question which suggests encoding the question mark to %3F, this makes sense to me (after all we encode our spaces). However when I call the method with this query string:

http://localhost:55197/Controller/Image/3/Does%20this%20work%3F

I get

A potentially dangerous Request.Path value was detected from the client (?).

I've read this question which suggests using the [AllowHtml] attribute, but this can only be used on properties (and is therefore more appropriate to POST requests.

How can I pass strings like:

Does this work?

I think so...

Into this method?

Community
  • 1
  • 1
Liath
  • 9,913
  • 9
  • 51
  • 81

1 Answers1

1

Try below code in web.config file :- 

<system.web>
    <httpRuntime requestPathInvalidCharacters="" requestValidationMode="2.0" />
    <pages validateRequest="false" />
</system.web>
Kartikeya Khosla
  • 18,743
  • 8
  • 43
  • 69
  • This seems very drastic, can you expand on the security implications of turning off validations on all requests!? – Liath May 16 '15 at 16:28
  • @Liath..Well Yes ...you have to specify the settings in web.config as shown above...there is no other option. – Kartikeya Khosla May 18 '15 at 08:54