Level Extreme platform
Subscription
Corporate profile
Products & Services
Support
Legal
Français
A potentially dangerous Request.Path
Message
From
01/09/2011 12:06:07
Michel Fournier
Level Extreme Inc.
Petit-Rocher, New Brunswick, Canada
 
 
To
01/09/2011 11:08:39
Viv Phillips
Hay-On-Wye, United Kingdom
General information
Forum:
ASP.NET
Category:
Other
Title:
Re: A potentially dangerous Request.Path
Environment versions
Environment:
VB 9.0
OS:
Windows 7
Network:
Windows 2003 Server
Database:
MS SQL Server
Application:
Web
Miscellaneous
Thread ID:
01522446
Message ID:
01522495
Views:
29
I did add the following in Web.Config in the httpRunTime tag:

requestValidationType="Framework.Framework.CustomRequestValidation,Framework"

I verified that it is using it. If I change the namespace to something else or the assembly name to something else, IIS will report the error. So, this is the proper syntax.

Just to be sure it would go in it, I simply entered a redirect command at first:
    Public Class CustomRequestValidation
        Inherits System.Web.Util.RequestValidator

        Protected Overloads Overrides Function IsValidRequestString(ByVal context As HttpContext, ByVal value As String, _
         ByVal requestValidationSource__1 As System.Web.Util.RequestValidationSource, ByVal collectionKey As String, _
         ByRef validationFailureIndex As Integer) As Boolean

            HttpContext.Current.Response.Redirect("Default.aspx")
But, I still have the error.

The redirection does not take place. So, it seems the IIS still has priority over this code and shows me the standard "A potentially dangerous Request.Path value was detected from the client (&)." message.
Michel Fournier
Level Extreme Inc.
Designer, architect, owner of the Level Extreme Platform
Subscribe to the site at https://www.levelextreme.com/Home/DataEntry?Activator=55&NoStore=303
Subscription benefits https://www.levelextreme.com/Home/ViewPage?Activator=7&ID=52
Previous
Next
Reply
Map
View

Click here to load this message in the networking platform