Reputation: 915
I have a ServiceStack application. A test service receives a simple request, but I'm finding that the value of the request once received doesn't match the original request.
I send in: http://localhost/testapp/test?value=%22test%20data%22%20%3C12345%3E
but the code outputs: test data" 12345>
Note the missing first double quote and the missing left-hand angle bracket.
Any ideas why the application would be dropping the first " and the "<"? Is it part of some sort of XSS protection?
My code:
    public class TestService : RestServiceBase<RequestDto>, IRestService<RequestDto>
    {
        public override object OnGet(RequestDto request)
        {
            return request.Value;
        }
    }

    public class RequestDto
    {
        public string Value { get; set; }
    }
To allow ServiceStack to receive requests with "<" in the first place, I had to switch the application's web.config to use: requestValidationMode="2.0"
Upvotes: 4
Views: 625
Reputation: 1128
This has also been fixed in an upcoming release of ServiceStack.
See this GitHub issue for further information.
Upvotes: 2
Reputation: 3149
You need to wrap the entire value in quotes and escape your inner quotes. This is because the querystring parameter is expecting the ServiceStack JSV format, which means:
Any string with any of the following characters: []{}," is escaped using CSV-style escaping where the value is wrapped in double quotes
See http://www.servicestack.net/docs/text-serializers/json-csv-jsv-serializers for more details.
You need to pass in your value as
?Value="""test data"" <12345>"
or
?Value=%22%22%22test%20data%22%22%20%3C12345%3E%22
This will get deserialized into:
"test data" <12345>
Upvotes: 1
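The escaping rule from the answer above, as an added Python sketch (not ServiceStack's code and not part of the original posts): it reproduces the answer's encoded query string and shows that the value sent in the question is malformed under that rule. The function names are hypothetical, and the strict decoder is an assumption about how a rule-conforming parser would behave, not a description of ServiceStack's own parser.

```python
from urllib.parse import quote, unquote

# Characters that trigger quoting, taken from the rule quoted in the answer.
JSV_SPECIAL = set('[]{},"')


def jsv_escape(value: str) -> str:
    """CSV-style escaping: wrap in double quotes and double any inner quotes."""
    if not any(ch in JSV_SPECIAL for ch in value):
        return value
    return '"' + value.replace('"', '""') + '"'


def jsv_unescape(text: str) -> str:
    """Strict inverse of jsv_escape (hypothetical); rejects malformed input."""
    if not text.startswith('"'):
        if '"' in text:
            raise ValueError("unquoted value contains a double quote")
        return text
    if len(text) < 2 or not text.endswith('"'):
        raise ValueError("unterminated quoted value")
    body = text[1:-1]
    # After removing doubled pairs, no lone quote may remain.
    if '"' in body.replace('""', ''):
        raise ValueError("unescaped double quote inside quoted value")
    return body.replace('""', '"')


def to_query_value(value: str) -> str:
    """JSV-escape first, then percent-encode everything for the query string."""
    return quote(jsv_escape(value), safe="")


if __name__ == "__main__":
    wanted = '"test data" <12345>'
    print(to_query_value(wanted))

    # The question's request, decoded: it starts with a quote that is never
    # closed as a wrapper, so it is not valid under the escaping rule.
    sent = unquote("%22test%20data%22%20%3C12345%3E")
    try:
        jsv_unescape(sent)
    except ValueError as err:
        print("question's value rejected:", err)
```

Once the value round-trips intact it still contains "<" and ">", so with requestValidationMode="2.0" in place the service's own output encoding is what keeps it from being interpreted as markup.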