I am presently working on the security module of an umbraco website and have come across a serious issue which I am unable to solve. When the user inserts '<' or '&' in the URL an error is shown, I've attached a screenshot of it. I have managed to make a custom error page which takes care of error 404 but I am struggling to solve the above mentioned issue.i have to redirect user to default error page when such error take place.
When you want to use "special characters" in a URL, it is best to use the Server.UrlEncode method when building the URL. This will transform the chartacters in URL-friendly version, which you will automatically get back as the original characters on the server.
I don't have to use special character in any case.but our website is under security audit,and acording their guidline security firm provided the above issue.
A potentially dangerous Request.Path error
I am presently working on the security module of an umbraco website and have come across a serious issue which I am unable to solve. When the user inserts '<' or '&' in the URL an error is shown, I've attached a screenshot of it. I have managed to make a custom error page which takes care of error 404 but I am struggling to solve the above mentioned issue.i have to redirect user to default error page when such error take place.
Hoping to hear from u soon.
Thanking you,
Mohammed .
Hi Mohammed,
When you want to use "special characters" in a URL, it is best to use the Server.UrlEncode method when building the URL. This will transform the chartacters in URL-friendly version, which you will automatically get back as the original characters on the server.
Hope this helps.
Cheers,
Michael.
Hi Michael
I don't have to use special character in any case.but our website is under security audit,and acording their guidline security firm provided the above issue.
Hi Mohammed,
In that case, I think you can catch the "not caught 404 errors" in your global.asax: you can implement a method
in which you can set code to handle the error (log, ...) and then redirect to your default error page.
Hope this helps.
Cheers,
Michael.
Hi Michael
Can u provide me a best way to add "app_error()" method.i have tried with adding a http module but it's not working .
http://www.asp.net/web-forms/tutorials/deployment/deploying-web-site-projects/displaying-a-custom-error-page-cs
HI Michael finally got the answer
Thanks for your Quick Reply......!!!!
Cheers,
Mohammed Charolia
Hi Mohammed,
Great! Sorry I could not reply earlier to your previous post, I was in meeting...
But I am glad you figured it out :-)
Cheers,
Michael.
is working on a reply...