1. 技术文章
  2. ASP.NET 4 URL limitations: why URL cannot contain any %3f characters

ASP.NET 4 URL limitations: why URL cannot contain any %3f characters

好久不见. 提交于 2020-01-19 05:04:35

问题


http://site.com/page%3fcharacter

This URL will return the following error:

Illegal characters in path.

I'm already put this in web.config:

<system.web>
<httpRuntime requestValidationMode="2.0" requestPathInvalidCharacters="" />
<pages validateRequest="false"> 
...

How can I fix this error?


回答1:


If you want to allow the request through, you need to add requestPathInvalidCharacters and set it to an empty string:

<system.web>
    <httpRuntime requestPathInvalidCharacters="" />
</system.web>

Edit You should leave your original question in place, because now my answer does not make sense.

But in answer to your second question, that it's because %3f corresponds to '?' which is not allowed in file names on Windows. You can set the relaxedUrlToFileSystemMapping property to true to change this behaviour:

<system.web>
    <httpRuntime requestPathInvalidCharacters=""
                 relaxedUrlToFileSystemMapping="true" />
</system.web>

You might want to look through all of the properties in the HttpRuntimeSection class to see if there's any others that might apply.

You can also implement a sub class of RequestValidator and set up your web.config to use your subclass (that will presumably allow all URLs through?). Personally, I wouldn't bother and just let the built-in classes handle it. It's unlikely that a normal user is every going to accidentally type in "%3f" in a path, and why bother going to so much trouble to improve the use-case for malicious users?

This, by the way, is actually a new feature in ASP.NET 4, which is why Stack Overflow doesn't spit out an error: it's running on .NET 3.5.




回答2:


Here's a nice article by Hanselman explaining all the nooks and crannies related to your issue:

Experiments in Wackiness: Allowing percents, angle-brackets, and other naughty things in the ASP.NET/IIS Request URL




回答3:


Probably because that looks a lot like a malformed url.

& is used as a separator for the query string parameters i.e. site.com/page?some=20&another=15



来源:https://stackoverflow.com/questions/2831142/asp-net-4-url-limitations-why-url-cannot-contain-any-3f-characters

标签
url
asp.net-4.0
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!