By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
429,313 Members | 2,798 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 429,313 IT Pros & Developers. It's quick & easy.

Breaking URL character combinations

P: n/a
I have found that some strange combinations of characters in a URL can cause
an error in my ASP.NET application.
This is regarding URL Paramters

For example:
if i have the URL:
http://www.mysite.com/home.aspx?param=123

my page loads fine

But the URL:
http://www.mysite.com/home.aspx?param=%23%26

causes an application error.

Two of these combinations i have found are
%23%26
and
%3cb

Why do these combinations of characters cause an application error, and how
can i find out which other characters will.
These two combinations originated from crawlers on my site and at time and
generate hundreds of errors in a few minutes.

At the moment i'm using an Isapi Rewrite to remove these harmful characters,
but would like to know if there is a list of other harmful combinations i
can look out for

Thank you

Grant
Nov 18 '05 #1
Share this Question
Share on Google+
2 Replies


P: n/a
If in the page attributes you set validaterequest="false" you should not
have any error.
The default value is set to true to prevent the script-injection.

"GrantMagic" <gr***@magicalia.com> ha scritto nel messaggio
news:%2****************@TK2MSFTNGP14.phx.gbl...
I have found that some strange combinations of characters in a URL can
cause an error in my ASP.NET application.
This is regarding URL Paramters

For example:
if i have the URL:
http://www.mysite.com/home.aspx?param=123

my page loads fine

But the URL:
http://www.mysite.com/home.aspx?param=%23%26

causes an application error.

Two of these combinations i have found are
%23%26
and
%3cb

Why do these combinations of characters cause an application error, and
how can i find out which other characters will.
These two combinations originated from crawlers on my site and at time and
generate hundreds of errors in a few minutes.

At the moment i'm using an Isapi Rewrite to remove these harmful
characters, but would like to know if there is a list of other harmful
combinations i can look out for

Thank you

Grant

Nov 18 '05 #2

P: n/a
presumably your code is expecting a number, and blowup when you get a string
like "#&". the crawlers are probably having a hard time parsing you pages,
check that you are generating valid html. run your page output through an
html validation suite. note: you will be stuck with the illegal html that
asp.net generates (bad identitfiers).
-- bruce (sqlwork.com)
"GrantMagic" <gr***@magicalia.com> wrote in message
news:%2****************@TK2MSFTNGP14.phx.gbl...
I have found that some strange combinations of characters in a URL can cause an error in my ASP.NET application.
This is regarding URL Paramters

For example:
if i have the URL:
http://www.mysite.com/home.aspx?param=123

my page loads fine

But the URL:
http://www.mysite.com/home.aspx?param=%23%26

causes an application error.

Two of these combinations i have found are
%23%26
and
%3cb

Why do these combinations of characters cause an application error, and how can i find out which other characters will.
These two combinations originated from crawlers on my site and at time and
generate hundreds of errors in a few minutes.

At the moment i'm using an Isapi Rewrite to remove these harmful characters, but would like to know if there is a list of other harmful combinations i
can look out for

Thank you

Grant

Nov 18 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.