A potentially dangerous Request.Path value was detected from the client

Posted by eedoh - May 7 ’14 at 04:00

• 

  Dmitry Kozlov

  Admin

  Member for: 10 years
  #1 by Dmitry Kozlov May 12 ’14 at 03:19

  Seems, your URL contains characters which are not allowed in asp.net. Could you provide the query-string of the form?

  link flag
• eedoh

  Member

  Member for: 9 years 7 months 21 days
  #2 by eedoh May 13 ’14 at 12:32

  This appears in few places. Here's one of the urls generated by the code provided above, which causes mentioned error.

   

  http://lewisspcs.cloudapp.net/sites/job1/Lists/BIM%2520Log/fd_Item_cd15535a-134f-45d0-bad0-9ab629b8bda7_Edit.aspx?List=290cebea-a19a-499d-a4fd-46dc264ca1f4&ID=3&Source=http%3a%2f%2flewisspcs.cloudapp.net%2fsites%2fjob1%2fLists%2fBIM%2520Log%2fDashboard%2520View.aspx&Web=cdbedab6-2d22-4822-9087-c32d821fb2ee

  link flag
• 

  Dmitry Kozlov

  Admin

  Member for: 10 years
  #3 by Dmitry Kozlov May 14 ’14 at 05:15

  [#2]: Hello,

  The problem is in Source argument which contains an unallowed symbol ':'. How do you open this form? If you form the Source param manually, I would recommend you to use window.location.pathname instead of window.location.href.

  link flag
• eedoh

  Member

  Member for: 9 years 7 months 21 days
  #4 by eedoh May 15 ’14 at 02:41

  Hi Dmitry.

  I'm not sure I understand your response.

  Anyway, to answer your question, I open this form on a button click. There's the code used in "OnClick" event handler provided in my original post in this thread.

  What do you suggest I should do?

   

  Thanks.

  link flag
• 

  Dmitry Kozlov

  Admin

  Member for: 10 years
  #5 by Dmitry Kozlov May 16 ’14 at 02:30

  [#4]: Hi,

  Please, replace 'window.location.href' in your code with 'window.location.pathname':

  fd.field('Distribute').value('B');
  fd.sourceFormParam(window.location.pathname);
  fd.save().click();
  

  link flag
• eedoh

  Member

  Member for: 9 years 7 months 21 days
  #6 by eedoh May 21 ’14 at 08:05

  It did not help. I'm still receiving the same error message. I noticed, however, string "%2520" in the above mentioned url, in places where "space" should appear (%20 in some browsers).

   

  I tried replacing this with actual "space" character in text editor, and pasting it in browser. Link did not cause this error messaage any more. I went and tried assigning a javascript variable value of window.location.href.toString().replace(/%2520/g, ' ') and using that as sourceformparam. Generated string still contained %2520, although the variable value did not (I checked ).

   

  Can this be a bug inside spform?

   

  P.S.

  This is the code I've tried and mentioned above.

   

  fd.field('Distribute').value('B');
  var thehref = window.location.href.toString().replace(/%2520/g, ' ');
  fd.sourceFormParam(thehref);
  //alert(thehref);
  fd.save().click();

  link flag
• 

  Dmitry Kozlov

  Admin

  Member for: 10 years
  #7 by Dmitry Kozlov May 21 ’14 at 08:16

  [#6]: Thanks for the detailed information. Please, specify which browser you use: IE8,9,10,11; Chrome, FF, Safari?

  link flag
• eedoh

  Member

  Member for: 9 years 7 months 21 days
  #8 by eedoh May 21 ’14 at 08:28

  All of them :D.

  I did my last testing in FF 29.0.1 though.

  link flag
• 

  Dmitry Kozlov

  Admin

  Member for: 10 years
  #9 by Dmitry Kozlov May 21 ’14 at 08:29

  [#8]: Is the issue reproduced in all of them?

  link flag
• eedoh

  Member

  Member for: 9 years 7 months 21 days
  #10 by eedoh May 21 ’14 at 08:52

  I just reproduced it in FF, IE 11 and Chrome. Safari and older IEs are less important, but if you need me to, I can do those as well.

  link flag

Show more messages