A potentially dangerous Request.Path value was det

2019-04-09 08:52发布

问题:

I have an ASP.NET MVC 4 Web Application running on IIS 7.5 for a few weeks now and I noticed that just recently I have been getting quite a lot of the following errors:
System.Web.HttpException (0x80004005): A potentially dangerous Request.Path value was detected from the client (?). at System.Web.HttpRequest.ValidateInputIfRequiredByConfig() at System.Web.HttpApplication.PipelineStepManager.ValidateHelper(HttpContext context)

I know that this exception is caused when the URL path contains illegal characters but the strange thing is that in my case the URL is valid. Here is one example of the URL: www.mysite.com/myApp/bookTitle?chapter=12&page=278.

However, when I try any of the reported links they are working fine and without any exceptions.

By looking at the Error Log I noticed that the query string doesn't show as a part of the QUERY_STRING variable but it is included along with the rest of the path in the PATH_INFO variable which looks like this:
/myApp/bookTitle?chapter=12&page=278. So it seems that the (?) is not recognized as the separator between the path and the query (maybe because of some kind of URL encoding) but I am not sure how to fix this.

Any help would be greatly appreciated.

回答1:

When ASP.NET receives a request with the '?' character encoded as '%3F' it gives this error message. At the same time it decodes the '%3F' to a '?' character in the Request["PATH_INFO"] or Request.PathInfo variable.

If you look at Request["HTTP_URL"] or Request.Url.OrigionalString you might see something different.



回答2:

Make sure single codes : I also got same issues with that error. Below is my correct code piece:

titleNew = string.Format("{1}", idx, resource.Title);