Why does the default setting for `requestPathInval

Posted 2019-04-06 12:24

In ASP.NET, the `httpRuntime/@requestPathInvalidCharacters` attribute defaults to `<,>,*,%,&,:,\`. These characters, as I understand, are disallowed in the path portion of a URL (based on the default setting of this attribute), but some of them should be allowed. Out of that list, I struggle to understand why `*,&,:` are disallowed by default. E.g., the following URLs are valid but would be rejected by default by ASP.NET:

To get a unique person by email: http://myservice.com/People/Email=jim@smith.net

To get a unique locality within a state: http://myservice.com/States/VA/Localities/FIPS=001

I could also swap out the = for : to make ASP.NET reject the URL by default. But these characters/URLs are valid and should/do work fine.

So, does anyone have any insight into why these disallowed characters were chosen?

(Related post/answer: https://stackoverflow.com/a/13500078/374198)

0 answers