CODEWITHSUNDEEP
c#asp.net
SUN
SUN

Reputation: 973

A potentially dangerous Request.Path value was detected from the client (<)

I first searched for this issue on stack & some other sites & implemented solution in web.config file but still getting the error..

My web.config

<system.web>    
    <compilation debug="true" strict="false" explicit="true" targetFramework="4.5.2"/>
    <httpRuntime requestPathInvalidCharacters="&lt;,&gt;,*,%,&amp;,:,\,?" targetFramework="4.5.2" requestValidationMode="2.0"/>
      <customErrors mode="Off"/>
      <trust level="Full"/>
    <pages validateRequest="false">
      <namespaces>
        <add namespace="System.Runtime.Serialization"/>
        <add namespace="System.ServiceModel"/>
        <add namespace="System.ServiceModel.Web"/>
      </namespaces>
    </pages>
  </system.web>

I am trying to get Iframe source values from my db table. It's google map I want to include in my page..

Upvotes: 3

Views: 2534

Answers (1)

oldbam
oldbam

Reputation: 2487

This error signals that you are issuing web request with '<' character, and Asp.Net has some prevention against using potentially malicious characters. You should probably set

<system.web><httpRuntime requestPathInvalidCharacters="" /><pages validateRequest="false" /></system.web>

See also http://www.christophercrooker.com/use-any-characters-you-want-in-your-urls-with-aspnet-4-and-iis

But keep in mind that you are switching off functionality that exists to make it harder for attackers to break your web application. So, if I were you, I would first think if I can change the app to not use forbidden chars in URLs

Upvotes: 1

Related Questions