0

I'm still a bit new to ASP.Net MVC and Custom Routing and I'm not quite sure how to ask this question other than to post the URL link and the route that I'm using and ask for advice.

The problem is:

A potentially dangerous Request.Path value was detected from the client (&).

This is being caused by an "&" symbol inside my link:

http://localhost/search/cars-&-motorcycles

And, here's my route:

routes.MapRoute(
    "CategorySearch",
    "category/{searchcriteria}",
    new { controller = "Listing", action = "Index", isCategory = true, searchcriteria = UrlParameter.Optional }
);

What I want to do is strip out the "&" from the optional parameter before it gets passed; hopefully that will correct the "potentially dangerous" issue that I'm experiencing. I've tried to use

UrlParameter.Optional.ToString().Replace("&", "")

Is it even possible to strip out that "&" symbol from somewhere inside the Route.MapRoute method at all?

2
  • 1
    Isn't this easily solvable by just percent-encoding the ampersand? stackoverflow.com/q/16622504 Commented Jun 1, 2014 at 23:05
  • Thanks Robert, I was trying to react to the incoming invalid symbol, instead of changing it to send the encoded symbol as you and itsme86 suggested. Commented Jun 2, 2014 at 0:06

1 Answer

1

You can encode it using HtmlHelper.Encode:

string encodedUrl = HtmlHelper.Encode("http://localhost/search/cars-&-motorcyles");

3 Comments

Can you do this within the routing engine?
That was really my main question, and although this solution solves it for me, I was actually wanting to do this inside the actual routing engine itself to handle if and when a user enters an invalid symbol in a search text box. Instead I'll need to strip it before posting the data.
If I recall correctly, the "potentially dangerous Request" (request validation) is triggered very early in the request pipeline. I suspect it will be thrown before it gets to your routing. You would have to disable request validation. I would do that anyway.
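
An added example, not code from the question or the answer: one way to strip the offending characters before the link is built, as the asker describes in the comments above. The class and method names (`CategorySlug`, `ToSegment`) are hypothetical; the character list is the default `requestPathInvalidCharacters` value of `<httpRuntime>` in ASP.NET 4.x.

```csharp
using System;
using System.Collections.Generic;
using System.Text;

public static class CategorySlug
{
    // Default <httpRuntime requestPathInvalidCharacters> in ASP.NET 4.x:
    // "<,>,*,%,&,:,\,?". Any of these in Request.Path raises the
    // "potentially dangerous Request.Path value" error.
    private static readonly HashSet<char> PathInvalid =
        new HashSet<char> { '<', '>', '*', '%', '&', ':', '\\', '?' };

    // Hypothetical helper: turns free text from a search box into a value
    // for the {searchcriteria} route parameter.
    public static string ToSegment(string text)
    {
        if (string.IsNullOrWhiteSpace(text)) return string.Empty;

        var sb = new StringBuilder(text.Length);
        bool lastWasDash = false;
        foreach (char c in text.Trim().ToLowerInvariant())
        {
            // Rejected characters, separators and control characters all
            // collapse into a single dash so the slug stays readable.
            bool separator = PathInvalid.Contains(c) || char.IsWhiteSpace(c)
                             || char.IsControl(c) || c == '-' || c == '/';
            if (!separator)
            {
                sb.Append(c);
                lastWasDash = false;
            }
            else if (!lastWasDash && sb.Length > 0)
            {
                sb.Append('-');
                lastWasDash = true;
            }
        }

        // Percent-encode whatever is left (non-ASCII letters, quotes, ...).
        return Uri.EscapeDataString(sb.ToString().TrimEnd('-'));
    }

    public static void Main()
    {
        // Constructed sample inputs.
        Console.WriteLine(ToSegment("Cars & Motorcycles"));
        Console.WriteLine(ToSegment("cars-&-motorcycles"));
    }
}
```

Building links from `ToSegment` output keeps request validation enabled for every other path, and the controller can map the slug back to the category it looks up.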
