Monday, June 4, 2018

error when url resource contains ampersand


We have a web api with the following resource url.

http://www.example.com/book/bookid/name/bookname 

Now, there are some books whose names contain an ampersand '&', and when a request is made for such names, we receive the error below.

URL used:

http://www.example.com/book/123/name/ban&ban 

Error: A potentially dangerous Request.Path value was detected from the client (&)

We tried passing the encoded value for &, i.e. %26, and got the same error.

URL used:

http://www.example.com/book/123/name/ban%26ban 

Error: A potentially dangerous Request.Path value was detected from the client (&)

Now, when I added the requestPathInvalidCharacters="" property to the httpRuntime element in the web.config, it started working fine for both of the above URLs. But when I read different articles, they said that it is not a good practice to use the requestPathInvalidCharacters="" property.

Also, since there are a lot of book names in production with "&" and other special characters, we cannot avoid sending the "&" ampersand in book names. Is there a good way to handle this?

1 Answers


You should opt into using a parameter in your query string instead of the path. For example: http://www.example.com/book/bookid?name=Fizz&bookname=Buzz

Here's some explanation on why this exception is raised: http://www.hanselman.com/blog/ExperimentsInWackinessAllowingPercentsAnglebracketsAndOtherNaughtyThingsInTheASPNETIISRequestURL.aspx
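A sketch of the query-string approach from the answer, added here as an example and not taken from the original post. It assumes ASP.NET Web API 2 with attribute routing enabled (`config.MapHttpAttributeRoutes()`); the controller, route, length limit and helper names are hypothetical. The `httpRuntime` element keeps its default `requestPathInvalidCharacters`, so the path check stays in force and only the query string carries the book name.

```csharp
using System;
using System.Web.Http;

// Hypothetical controller: the book name moves out of the path and into
// the query string, e.g. GET /book/123?name=ban%26ban
public class BooksController : ApiController
{
    [HttpGet, Route("book/{bookId:int}")]
    public IHttpActionResult GetByName(int bookId, [FromUri] string name)
    {
        // Model binding has already decoded the value ("ban&ban").
        // The 200-character limit is an assumed business rule.
        if (string.IsNullOrWhiteSpace(name) || name.Length > 200)
            return BadRequest("name is required and must be at most 200 characters");

        // Treat the name strictly as data: use it in a parameterized
        // lookup and encode it wherever it is written back out.
        return Ok(new { bookId, name });
    }
}

// Hypothetical client-side helper that builds the request URL.
public static class BookUrls
{
    public static string ForName(string baseUrl, int bookId, string name)
    {
        // Uri.EscapeDataString turns '&' into "%26", so the ampersand is
        // read as part of the value and not as a parameter separator.
        return baseUrl.TrimEnd('/') + "/book/" + bookId
             + "?name=" + Uri.EscapeDataString(name);
    }
}

// BookUrls.ForName("http://www.example.com", 123, "ban&ban")
// yields http://www.example.com/book/123?name=ban%26ban
```

An unencoded `&` inside the value would split it into two parameters, so callers need to encode the name even though it no longer travels in the path.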
