473,511 Members | 10,974 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Breaking URL character combinations

I have found that some strange combinations of characters in a URL can cause
an error in my ASP.NET application.
This is regarding URL Paramters

For example:
if i have the URL:
http://www.mysite.com/home.aspx?param=123

my page loads fine

But the URL:
http://www.mysite.com/home.aspx?param=%23%26

causes an application error.

Two of these combinations i have found are
%23%26
and
%3cb

Why do these combinations of characters cause an application error, and how
can i find out which other characters will.
These two combinations originated from crawlers on my site and at time and
generate hundreds of errors in a few minutes.

At the moment i'm using an Isapi Rewrite to remove these harmful characters,
but would like to know if there is a list of other harmful combinations i
can look out for

Thank you

Grant
Nov 18 '05 #1
2 1479
If in the page attributes you set validaterequest="false" you should not
have any error.
The default value is set to true to prevent the script-injection.

"GrantMagic" <gr***@magicalia.com> ha scritto nel messaggio
news:%2****************@TK2MSFTNGP14.phx.gbl...
I have found that some strange combinations of characters in a URL can
cause an error in my ASP.NET application.
This is regarding URL Paramters

For example:
if i have the URL:
http://www.mysite.com/home.aspx?param=123

my page loads fine

But the URL:
http://www.mysite.com/home.aspx?param=%23%26

causes an application error.

Two of these combinations i have found are
%23%26
and
%3cb

Why do these combinations of characters cause an application error, and
how can i find out which other characters will.
These two combinations originated from crawlers on my site and at time and
generate hundreds of errors in a few minutes.

At the moment i'm using an Isapi Rewrite to remove these harmful
characters, but would like to know if there is a list of other harmful
combinations i can look out for

Thank you

Grant

Nov 18 '05 #2
presumably your code is expecting a number, and blowup when you get a string
like "#&". the crawlers are probably having a hard time parsing you pages,
check that you are generating valid html. run your page output through an
html validation suite. note: you will be stuck with the illegal html that
asp.net generates (bad identitfiers).
-- bruce (sqlwork.com)
"GrantMagic" <gr***@magicalia.com> wrote in message
news:%2****************@TK2MSFTNGP14.phx.gbl...
I have found that some strange combinations of characters in a URL can cause an error in my ASP.NET application.
This is regarding URL Paramters

For example:
if i have the URL:
http://www.mysite.com/home.aspx?param=123

my page loads fine

But the URL:
http://www.mysite.com/home.aspx?param=%23%26

causes an application error.

Two of these combinations i have found are
%23%26
and
%3cb

Why do these combinations of characters cause an application error, and how can i find out which other characters will.
These two combinations originated from crawlers on my site and at time and
generate hundreds of errors in a few minutes.

At the moment i'm using an Isapi Rewrite to remove these harmful characters, but would like to know if there is a list of other harmful combinations i
can look out for

Thank you

Grant

Nov 18 '05 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
1
2745
inserting breaking spaces
by: Chris Sharman | last post by:
Writing a form, several questions have got a list of checkboxes, with associated descriptions (mostly one word), all on a line. Eg: Describe yourself: Fat Hairy Ugly Wears glasses. I want to...
HTML / CSS
36
9431
all possible combinations
by: rbt | last post by:
Say I have a list that has 3 letters in it: I want to print all the possible 4 digit combinations of those 3 letters: 4^3 = 64 aaaa
Python
27
31362
non-breaking hyphen
by: The Bicycling Guitarist | last post by:
Hi. I found the following when trying to learn if there is such a thing as a non-breaking hyphen. Apparently Unicode has a ‑ but that is not well-supported, especially in older browsers. Somebody...
HTML / CSS
22
7975
breaking hyphen?
by: stevenkobes | last post by:
If a word has a hyphen in it, IE will permit a line break at the hyphen, but Firefox/Mozilla won't. Apparently the Firefox behavior is standards-compliant, but it is not what I want. Is there a...
HTML / CSS
7
4157
XmlDocument.ReadNode() breaking - why?
by: Mark | last post by:
Hi... A colleague just referred this question to me. He's getting an xml file from another party, which he's trying to process into another dom using an XmlTextReader and...
.NET Framework
4
1922
encoding multiple character sets
by: Brian O'Haire | last post by:
Hi I am doing a project where I have to use multiple character sets for the input. They would be English, Symbol and possible Greek, These will be used as symbols for processing an algebraic...
C# / C Sharp
150
6323
Breaking backwards compatibility - good or bad?
by: tony | last post by:
If you have any PHP scripts which will not work in the current releases due to breaks in backwards compatibility then take a look at http://www.tonymarston.net/php-mysql/bc-is-everything.html and...
PHP
4
4536
Breaking hyphen in Mozilla and an IE display problem
by: Rubin | last post by:
1) I want to show a breaking hyphen in Mozilla 1.5.0.4 How do I do that? "Unicode standard annex #14", <http://www.unicode.org/reports/tr14/>, defines 4 breaking hyphens. <quote> Breaking...
HTML / CSS
16
7405
Standard newline character
by: bgold12 | last post by:
Will newlines ever be standardized? I recently discovered that in a textarea, internet explorer adds \r\n for every newline you enter, while firefox adds \n. I know \r is also used in some...
HTML / CSS
0
7245
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
7356
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
1
7085
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
5671
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice
1
5069
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...
Microsoft Access / VBA
0
3227
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The...
Networking - Hardware / Configuration
0
3214
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
1
785
muto222
How to add payments to a PHP MySQL app.
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
PHP
0
449
bsmnconsultancy
Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us