得到“从客户端(和)中检测到潜在的危险Request.Path值" [英] Getting “A potentially dangerous Request.Path value was detected from the client (&)”
问题描述
我有一个REST服务,当我尝试呼叫名称为& 的项目时,出现上述错误,如果我没有编码,这将是有道理的&
I have a REST Service and when I try and make a call to an item that has a & in it's name, I get the above error, which would make sense if I was not encoded the &
这将是我的电话:
http://localhost:57851/myService/Servers/myServer/Repositories/myRepository/Models/Mine%26Yours
您会看到"Mine& Yours"已被编码为"Mine%26Yours",因此应该是安全的.
You can see "Mine&Yours" has been encoded as "Mine%26Yours" so should be safe.
但是我好像没有对请求进行编码.
But the request is being picked up as though I'd not encoded it.
有什么想法吗?
这不同于()
推荐答案
无论是否编码&
符号,对ASP.NET都没有影响.查看此答案: https://stackoverflow.com/a/12037000/134761
It makes no difference to ASP.NET whether you encode the &
symbol or not. See this answer: https://stackoverflow.com/a/12037000/134761
要在URL路径中允许使用特殊字符,您应该像这样修改web.config
中的requestPathInvalidCharacters
参数:
To allow special characters in your URL path you should modify the requestPathInvalidCharacters
parameter in web.config
like this:
<httpRuntime requestPathInvalidCharacters="" />
或者,如果您只想允许&
但不允许所有其他特殊字符,则:
Or if you want to only allow &
but disallow all other special chars:
<httpRuntime requestPathInvalidCharacters="<,>,*,%,\"/>
这篇关于得到“从客户端(和)中检测到潜在的危险Request.Path值"的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!