It's possible to get a string via Request.QueryString.Get("url") but ASP.NET raises an exception: "A potentially dangerous Request.Path value was detected from the client". I'm not gonna trust this url for any purpose (for example just redirecting client to that url). Am I supposed to change my design or simply turn off the ASP.NET exception? How to suppress this validation?

+1  A: 

It's as dangerous as any other form of user input, really. Depends on what you're going to use it for.

ASP.NET will try to restrict certain possible 'mistakes' you might make; in this case it's doing request validation, to prevent possible XSS etc., and try to save you from yourself. You can of course override this with <%@ Page validateRequest="false" %>, but you're going to need to really make sure you don't introduce a security issue in your system now.

jasper
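
An added example (not from the question or the answer) of treating the url value as untrusted input once request validation no longer screens it: parse it, accept only http/https on an allowlisted host before any redirect, and HTML-encode it before echoing it into a page. The class name, the allowlisted hosts and the sample inputs are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Net;

static class UrlParameter
{
    // Hypothetical allowlist: hosts this application is willing to redirect or link to.
    static readonly HashSet<string> AllowedHosts =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "example.com", "www.example.com" };

    // Returns true (and the parsed URI) only for absolute http/https URLs on an allowed host.
    // In a page, raw would be the value of Request.QueryString.Get("url").
    public static bool TryValidate(string raw, out Uri uri)
    {
        uri = null;
        if (string.IsNullOrWhiteSpace(raw) || raw.Length > 2048) return false;

        Uri parsed;
        if (!Uri.TryCreate(raw, UriKind.Absolute, out parsed)) return false;

        // Uri normalizes the scheme to lower case; this rejects javascript:, data:, file:, etc.
        if (parsed.Scheme != Uri.UriSchemeHttp && parsed.Scheme != Uri.UriSchemeHttps) return false;

        // Reject "user@host" forms, which make the real host easy to misread.
        if (!string.IsNullOrEmpty(parsed.UserInfo)) return false;

        if (!AllowedHosts.Contains(parsed.Host)) return false;

        uri = parsed;
        return true;
    }

    static void Main()
    {
        // Constructed sample inputs, standing in for the "url" query-string value.
        string[] samples =
        {
            "https://www.example.com/docs?id=7",
            "http://example.com@other.test/",
            "javascript:alert(1)",
            "//other.test/path",
            "https://other.test/\"><script>alert(1)</script>"
        };

        foreach (string raw in samples)
        {
            Uri uri;
            bool ok = TryValidate(raw, out uri);
            // Encode whenever the raw value is written into HTML, accepted or not.
            Console.WriteLine("{0,-8} {1}", ok ? "accept" : "reject", WebUtility.HtmlEncode(raw));
        }
    }
}
```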