Potentially dangerous Request.Path value

Topics: Controls
Dec 21, 2011 at 3:11 PM

Hello All,

Going through my error logs trying to fix everything and this another one can't figure out.

I keep getting this error:

---------------------------------------------------

A potentially dangerous Request.Path value was detected from the client (%).

System.Web.HttpException (0x80004005): A potentially dangerous Request.Path value was detected from the client (%).
   at System.Web.HttpRequest.ValidateInputIfRequiredByConfig()
   at System.Web.HttpApplication.PipelineStepManager.ValidateHelper(HttpContext context)

-------------------------------------------------------------------------------------------------------------------

URL :/post/HTML-Div-tag-inside-HTML-P-%2528paragraph%2529-tag-does-not-work-correctly-.aspx   (Took full url out to prevent going directly)  

Its the html escape chars like "%2528" aka "("  that are causing this error.

That URL is no longer there i took out the "(" so it only has "-"  and it is being redirected with the SeoRedirection Extension.

So if you go to:

http://programmingsolution.net/post/HTML-Div-tag-inside-HTML-P-(paragraph)-tag-does-not-work-correctly-.aspx

it redirects to:

http://programmingsolution.net/post/HTML-Div-tag-inside-HTML-P-paragraph-tag-does-not-work-correctly.aspx

No problem. No Errors

But when you go directly to:

/post/HTML-Div-tag-inside-HTML-P-%2528paragraph%2529-tag-does-not-work-correctly-.aspx

That is when you get the error which the user sees:

Server Error in '/' Application.  Error

The log file and Elamah reports this as:

A potentially dangerous Request.Path value was detected from the client (%)

So the SeoRedirection seems not to catch the URL before the server does.

Because I have for the old url:

Old URL: [sitename] /post/HTML-Div-tag-inside-HTML-P-%2528paragraph%2529-tag-does-not-work-correctly-.aspx

New URL:  http://programmingsolution.net/post/HTML-Div-tag-inside-HTML-P-paragraph-tag-does-not-work-correctly.aspx

But it appears that the "-%2528" is sent before the Redirector can redirect it.


So how do you catch the html escape chars before it goes to the server giving an error?

Thanks,

Brian Davis

 

Dec 22, 2011 at 8:54 PM

bump :)

Dec 26, 2011 at 6:09 PM

bump