Encoding issue service stack, quotes and angle bra

Published 2019-06-24 05:23

Question:

I have a ServiceStack application. A test service receives a simple request, but I'm finding the value of the request once received isn't matching the original request.

I send in: http://localhost/testapp/test?value=%22test%20data%22%20%3C12345%3E

but the code outputs: test data" 12345>

Note the missing first double quote and the missing left hand angle bracket.

Any ideas why the application would be dropping the first " and the "<"? Is it part of some sort of XSS protection?

My code:

public class TestService : RestServiceBase<RequestDto>, IRestService<RequestDto>
{
    public override object OnGet(RequestDto request)
    {
        return request.Value;
    }
}

public class RequestDto
{
    public string Value { get; set; }
}

To allow ServiceStack to receive requests with "<" in the first place, I had to switch the application's web.config to use: requestValidationMode="2.0"

Answer 1:

This has also been fixed in an upcoming release of ServiceStack.

See this GitHub issue for further information.



Answer 2:

You need to wrap the entire value in quotes and escape your inner quotes. This is because the querystring parameter is expecting the ServiceStack JSV format, which means:

Any string with any of the following characters: []{}," is escaped using CSV-style escaping where the value is wrapped in double quotes

See http://www.servicestack.net/docs/text-serializers/json-csv-jsv-serializers for more details.

You need to pass in your value as

?Value="""test data"" <12345>"

or

?Value=%22%22%22test%20data%22%22%20%3C12345%3E%22

This will get deserialized into:

"test data" <12345>
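
The escaping rule quoted in Answer 2, as an added Python sketch for a client that builds the URL (not part of the original answer and not ServiceStack's own parser). The function names are hypothetical and the strict decoder is an assumption about how a careful consumer would reject malformed input:

```python
from urllib.parse import quote, unquote

# Characters that, per the rule quoted in the answer, force CSV-style escaping.
JSV_SPECIAL = set('[]{},"')

# Constructed sample: the value the question wants the service to receive.
SAMPLE = '"test data" <12345>'


def jsv_escape(value: str) -> str:
    """Wrap in double quotes and double inner quotes if a special char is present."""
    if not any(ch in JSV_SPECIAL for ch in value):
        return value
    return '"' + value.replace('"', '""') + '"'


def jsv_unescape(text: str) -> str:
    """Reverse jsv_escape; raise on a quoted value that is not well formed."""
    if not text.startswith('"'):
        return text
    if len(text) < 2 or not text.endswith('"'):
        raise ValueError("unterminated quoted value")
    inner = text[1:-1]
    # Every quote left inside must belong to a doubled pair.
    if '"' in inner.replace('""', ''):
        raise ValueError("unescaped quote inside quoted value")
    return inner.replace('""', '"')


def to_query_value(value: str) -> str:
    """JSV-escape first, then percent-encode for use after '?Value='."""
    return quote(jsv_escape(value), safe="")


def from_query_value(raw: str) -> str:
    """Percent-decode, then undo the CSV-style escaping."""
    return jsv_unescape(unquote(raw))


if __name__ == "__main__":
    encoded = to_query_value(SAMPLE)
    print("?Value=" + encoded)
    print(from_query_value(encoded))
    try:
        # The question's original query string skips the JSV step.
        from_query_value("%22test%20data%22%20%3C12345%3E")
    except ValueError as err:
        print("rejected:", err)
```

The strict decoder rejects the question's original query string instead of silently dropping characters, which makes the missing escaping step visible to the caller.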