SUN SUN - 3 months ago 130
ASP.NET (C#) Question

A potentially dangerous Request.Path value was detected from the client (<)

I first searched for this issue on stack & some other sites & implemented solution in web.config file but still getting the error..

My web.config

<system.web>
<compilation debug="true" strict="false" explicit="true" targetFramework="4.5.2"/>
<httpRuntime requestPathInvalidCharacters="&lt;,&gt;,*,%,&amp;,:,\,?" targetFramework="4.5.2" requestValidationMode="2.0"/>
<customErrors mode="Off"/>
<trust level="Full"/>
<pages validateRequest="false">
<namespaces>
<add namespace="System.Runtime.Serialization"/>
<add namespace="System.ServiceModel"/>
<add namespace="System.ServiceModel.Web"/>
</namespaces>
</pages>
</system.web>


I am trying to get Iframe source values from my db table. It's google map I want to include in my page..

Answer

This error signals that you are issuing web request with '<' character, and Asp.Net has some prevention against using potentially malicious characters. You should probably set

<system.web><httpRuntime requestPathInvalidCharacters="" /><pages validateRequest="false" /></system.web>

See also http://www.christophercrooker.com/use-any-characters-you-want-in-your-urls-with-aspnet-4-and-iis

But keep in mind that you are switching off functionality that exists to make it harder for attackers to break your web application. So, if I were you, I would first think if I can change the app to not use forbidden chars in URLs