Url Encoded Asterisk

Asked Mar 30 '17 at 09:17

Active Mar 30 '17 at 09:17

Viewed 111 times

If I pass a string as a parameter to Url.Encode, .NET chooses not to url encode the character.

So...

Url.Action("A", "C", new { id = "1*1" }

...would create the url http://mysite/C/A/1*1

However, clicking this link causes .NET to reject the parameter and throws the exception...

A potentially dangerous Request.Path value was detected from the client (*).

If I change the URL (in chrome) to a url encoded version...

http://mysite/C/A/1%2A1

... if still throws the same error?

How can I ensure the URLs created by .NET on one page are allowed on another page?

asked Mar 30 '17 at 09:17

Beakie

2

To be clear, the URL is not being created by *.NET*, it is being created by *you*. – Sam Axe Mar 30 '17 at 09:19
1

Indirect solution: http://stackoverflow.com/a/8597868/613130 – xanatos Mar 30 '17 at 09:20
1

You can't have an asterisk in the path. The accepted answer to the linked question is actually a good one. Don't use such strings in the path, put them in the query string. Change your route – Panagiotis Kanavos Mar 30 '17 at 09:21
Thanks. I changed it to a querystring parameter and all is now good. – Beakie Mar 30 '17 at 09:35

0 Answers0