从客户端检测到潜在危险的 Request.Path 值 (*) [英] A potentially dangerous Request.Path value was detected from the client (*)

查看:50
本文介绍了从客户端检测到潜在危险的 Request.Path 值 (*)的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我收到了不言自明的错误:

I am receiving the rather self explanatory error:

从客户端 (*) 检测到潜在危险的 Request.Path 值.

A potentially dangerous Request.Path value was detected from the client (*).

问题是由请求 URL 中的 * 引起的:

The issue is due to * in the request URL:

https://stackoverflow.com/Search/test*/0/1/10/1

此 url 用于填充搜索页面,其中test*"是搜索词,url 的其余部分与各种其他过滤器相关.

This url is used to populate a search page where 'test*' is the search term and the rest of the url relates to various other filters.

是否有一种简单的方法可以在 URL 中允许这些特殊字符?我试过修改 web.config,无济于事.

Is there an easy way to allow these special characters in the URL? I've tried modifying the web.config, to no avail.

我应该手动编码/解码特殊字符吗?或者是否有这样做的最佳实践,我想避免使用查询字符串.- 但它可能是一种选择.

Should I manually encode / decode the special characters? Or is there a best practice for doing this, I would like to avoid using query strings. - but it may be an option.

应用程序本身是一个 c# asp.net webforms 应用程序,它使用路由来生成上面的漂亮 URL.

The application itself is a c# asp.net webforms application that uses routing to produce the nice URL above.

推荐答案

URL的路径中不允许使用*字符,但是在查询字符串中使用是没有问题的:

The * character is not allowed in the path of the URL, but there is no problem using it in the query string:

http://localhost:3286/Search/?q=test*

这不是编码问题,* 字符在 URL 中没有特殊含义,因此 URL 是否对其进行编码并不重要.您需要使用不同的方案对其进行编码,然后对其进行解码.

It's not an encoding issue, the * character has no special meaning in an URL, so it doesn't matter if you URL encode it or not. You would need to encode it using a different scheme, and then decode it.

例如使用任意字符作为转义字符:

For example using an arbitrary character as escape character:

query = query.Replace("x", "xxx").Replace("y", "xxy").Replace("*", "xyy");

和解码:

query = query.Replace("xyy", "*").Replace("xxy", "y").Replace("xxx", "x");

这篇关于从客户端检测到潜在危险的 Request.Path 值 (*)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆