Potentially dangerous Request.Path value was detected

David Pearson asked on September 9, 2021 21:07

Kentico v11.0.49

Our search results page generates the following error. A potentially dangerous Request.Path value was detected from the client (&).

The url has &searchmode=anywordorsynonyms attached to the end of it.

The offending character is &.

Has anyone seen this issue before. Where should I look to fix this issue?

Correct Answer

David Pearson answered on September 9, 2021 22:27

We are able to generate the error in the event log, just searching. It is flooding the event log.

I was able to prevent the error with this in the web config just now: I removed & from the invalid characters list. requestPathInvalidCharacters="<,>,*,%,:,\,?"

0 votesVote for this answer Unmark Correct answer

Recent Answers

David te Kloese answered on September 9, 2021 22:14

The searchmode param is usually added by the Search Web Part (With or without results). Check the settings there if you need it.

Question though: does it actually break functionality? Or is it incidental in the EventLog.

If you're not causing it yourself there are always going to be some errors now and then. Could be wrong encoded by some obscure browser or external robot search indexer... someone testing your site for vulnerabilities or sometimes 'bits' just get lost along the way.

So unless it's flooding your event log, actually breaking functionality or real users report getting an error (often) I wouldn't spend to much time trying to fix it.

1 votesVote for this answer Mark as a Correct answer

Ryan Hillier answered on April 11, 2022 08:11

did you end up fixing this bug? Very interested to know the solution.

0 votesVote for this answer Mark as a Correct answer

   Please, sign in to be able to submit a new answer.