A potentially dangerous Request.Path value was detected from the client
Posted by eedoh - May 7 ’14 at 04:00
Hi.
I get this message (from the forum post title) when I click on a button with the following onClick handler method
fd.field('Distribute').value('B');
fd.sourceFormParam(window.location.href);
fd.save().click();
Weird thing is that the same handler works perfectly on it's "sister" form that this is copy/pasted from. Any suggestions?
Thanks.
-
Dmitry KozlovAdminMember for: 9 years 8 months 16 days
Seems, your URL contains characters which are not allowed in asp.net. Could you provide the query-string of the form?
-
eedohMemberMember for: 9 years 4 months 7 days
This appears in few places. Here's one of the urls generated by the code provided above, which causes mentioned error.
http://lewisspcs.cloudapp.net/sites/job1/Lists/BIM%2520Log/fd_Item_cd15535a-134f-45d0-bad0-9ab629b8bda7_Edit.aspx?List=290cebea-a19a-499d-a4fd-46dc264ca1f4&ID=3&Source=http%3a%2f%2flewisspcs.cloudapp.net%2fsites%2fjob1%2fLists%2fBIM%2520Log%2fDashboard%2520View.aspx&Web=cdbedab6-2d22-4822-9087-c32d821fb2ee
-
Dmitry KozlovAdminMember for: 9 years 8 months 16 days
[#2]: Hello,
The problem is in Source argument which contains an unallowed symbol ':'. How do you open this form? If you form the Source param manually, I would recommend you to use window.location.pathname instead of window.location.href.
-
eedohMemberMember for: 9 years 4 months 7 days
Hi Dmitry.
I'm not sure I understand your response.
Anyway, to answer your question, I open this form on a button click. There's the code used in "OnClick" event handler provided in my original post in this thread.
What do you suggest I should do?
Thanks.
-
Dmitry KozlovAdminMember for: 9 years 8 months 16 days
[#4]: Hi,
Please, replace 'window.location.href' in your code with 'window.location.pathname':
fd.field('Distribute').value('B'); fd.sourceFormParam(window.location.pathname); fd.save().click();
-
eedohMemberMember for: 9 years 4 months 7 days
It did not help. I'm still receiving the same error message. I noticed, however, string "%2520" in the above mentioned url, in places where "space" should appear (%20 in some browsers).
I tried replacing this with actual "space" character in text editor, and pasting it in browser. Link did not cause this error messaage any more. I went and tried assigning a javascript variable value of window.location.href.toString().replace(/%2520/g, ' ') and using that as sourceformparam. Generated string still contained %2520, although the variable value did not (I checked
).
Can this be a bug inside spform?
P.S.
This is the code I've tried and mentioned above.
fd.field('Distribute').value('B');
var thehref = window.location.href.toString().replace(/%2520/g, ' ');
fd.sourceFormParam(thehref);
//alert(thehref);
fd.save().click(); -
Dmitry KozlovAdminMember for: 9 years 8 months 16 days
[#6]: Thanks for the detailed information. Please, specify which browser you use: IE8,9,10,11; Chrome, FF, Safari?
-
eedohMemberMember for: 9 years 4 months 7 days
All of them :D.
I did my last testing in FF 29.0.1 though.
-
Dmitry KozlovAdminMember for: 9 years 8 months 16 days
[#8]: Is the issue reproduced in all of them?
-
eedohMemberMember for: 9 years 4 months 7 days
I just reproduced it in FF, IE 11 and Chrome. Safari and older IEs are less important, but if you need me to, I can do those as well.