A potentially dangerous Request.Path value was detected from the client

rss

Posted by eedoh - May 7 ’14 at 04:00

Hi.

I get this message (from the forum post title) when I click on a button with the following onClick handler method

fd.field('Distribute').value('B');
fd.sourceFormParam(window.location.href);
fd.save().click();

Weird thing is that the same handler works perfectly on it's "sister" form that this is copy/pasted from. Any suggestions?

Thanks.

  • Dmitry Kozlov
    Dmitry Kozlov
    Admin
    Member for: 10 years
    #1 by Dmitry Kozlov May 12 ’14 at 03:19

    Seems, your URL contains characters which are not allowed in asp.net. Could you provide the query-string of the form?

  • eedoh
    Member
    Member for: 9 years 7 months 21 days
    #2 by eedoh May 13 ’14 at 12:32

    This appears in few places. Here's one of the urls generated by the code provided above, which causes mentioned error.

     

    http://lewisspcs.cloudapp.net/sites/job1/Lists/BIM%2520Log/fd_Item_cd15535a-134f-45d0-bad0-9ab629b8bda7_Edit.aspx?List=290cebea-a19a-499d-a4fd-46dc264ca1f4&ID=3&Source=http%3a%2f%2flewisspcs.cloudapp.net%2fsites%2fjob1%2fLists%2fBIM%2520Log%2fDashboard%2520View.aspx&Web=cdbedab6-2d22-4822-9087-c32d821fb2ee

  • Dmitry Kozlov
    Dmitry Kozlov
    Admin
    Member for: 10 years
    #3 by Dmitry Kozlov May 14 ’14 at 05:15

    [#2]: Hello,

    The problem is in Source argument which contains an unallowed symbol ':'. How do you open this form? If you form the Source param manually, I would recommend you to use window.location.pathname instead of window.location.href.

  • eedoh
    Member
    Member for: 9 years 7 months 21 days
    #4 by eedoh May 15 ’14 at 02:41

    Hi Dmitry.

    I'm not sure I understand your response.

    Anyway, to answer your question, I open this form on a button click. There's the code used in "OnClick" event handler provided in my original post in this thread.

    What do you suggest I should do?

     

    Thanks.

  • Dmitry Kozlov
    Dmitry Kozlov
    Admin
    Member for: 10 years
    #5 by Dmitry Kozlov May 16 ’14 at 02:30

    [#4]: Hi,

    Please, replace 'window.location.href' in your code with 'window.location.pathname':

    fd.field('Distribute').value('B');
    fd.sourceFormParam(window.location.pathname);
    fd.save().click();
    
  • eedoh
    Member
    Member for: 9 years 7 months 21 days
    #6 by eedoh May 21 ’14 at 08:05

    It did not help. I'm still receiving the same error message. I noticed, however, string "%2520" in the above mentioned url, in places where "space" should appear (%20 in some browsers).

     

    I tried replacing this with actual "space" character in text editor, and pasting it in browser. Link did not cause this error messaage any more. I went and tried assigning a javascript variable value of window.location.href.toString().replace(/%2520/g, ' ') and using that as sourceformparam. Generated string still contained %2520, although the variable value did not (I checked smile).

     

    Can this be a bug inside spform?

     

    P.S.

    This is the code I've tried and mentioned above.

     

    fd.field('Distribute').value('B');
    var thehref = window.location.href.toString().replace(/%2520/g, ' ');
    fd.sourceFormParam(thehref);
    //alert(thehref);
    fd.save().click();

  • Dmitry Kozlov
    Dmitry Kozlov
    Admin
    Member for: 10 years
    #7 by Dmitry Kozlov May 21 ’14 at 08:16

    [#6]: Thanks for the detailed information. Please, specify which browser you use: IE8,9,10,11; Chrome, FF, Safari?

  • eedoh
    Member
    Member for: 9 years 7 months 21 days
    #8 by eedoh May 21 ’14 at 08:28

    All of them :D.

    I did my last testing in FF 29.0.1 though.

  • Dmitry Kozlov
    Dmitry Kozlov
    Admin
    Member for: 10 years
    #9 by Dmitry Kozlov May 21 ’14 at 08:29

    [#8]: Is the issue reproduced in all of them?

  • eedoh
    Member
    Member for: 9 years 7 months 21 days
    #10 by eedoh May 21 ’14 at 08:52

    I just reproduced it in FF, IE 11 and Chrome. Safari and older IEs are less important, but if you need me to, I can do those as well.

Displaying 1 to 10 of 13 messages
Previous12