SUN SUN - 1 year ago 350
ASP.NET (C#) Question

A potentially dangerous Request.Path value was detected from the client (<)

I first searched for this issue on stack & some other sites & implemented solution in web.config file but still getting the error..

My web.config

<compilation debug="true" strict="false" explicit="true" targetFramework="4.5.2"/>
<httpRuntime requestPathInvalidCharacters="&lt;,&gt;,*,%,&amp;,:,\,?" targetFramework="4.5.2" requestValidationMode="2.0"/>
<customErrors mode="Off"/>
<trust level="Full"/>
<pages validateRequest="false">
<add namespace="System.Runtime.Serialization"/>
<add namespace="System.ServiceModel"/>
<add namespace="System.ServiceModel.Web"/>

I am trying to get Iframe source values from my db table. It's google map I want to include in my page..

Answer Source

This error signals that you are issuing web request with '<' character, and Asp.Net has some prevention against using potentially malicious characters. You should probably set

<system.web><httpRuntime requestPathInvalidCharacters="" /><pages validateRequest="false" /></system.web>

See also

But keep in mind that you are switching off functionality that exists to make it harder for attackers to break your web application. So, if I were you, I would first think if I can change the app to not use forbidden chars in URLs

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download