Page 1 of 2
A potentially dangerous Request.Path value was detected from the client
Posted: 07 May 2014
by eedoh
Hi.
I get this message (from the forum post title) when I click on a button with the following onClick handler method
fd.field('Distribute').value('B');
fd.sourceFormParam(window.location.href);
fd.save().click();
Weird thing is that the same handler works perfectly on it's "sister" form that this is copy/pasted from. Any suggestions?
Thanks.
Re: A potentially dangerous Request.Path value was detected from the client
Posted: 12 May 2014
by Dmitry Kozlov
Seems, your URL contains characters which are not allowed in asp.net. Could you provide the query-string of the form?
Re: A potentially dangerous Request.Path value was detected from the client
Posted: 13 May 2014
by eedoh
This appears in few places. Here's one of the urls generated by the code provided above, which causes mentioned error.
http://lewisspcs.cloudapp.net/sites/job ... 2d821fb2ee
Re: A potentially dangerous Request.Path value was detected from the client
Posted: 14 May 2014
by Dmitry Kozlov
Hello,
The problem is in Source argument which contains an unallowed symbol ':'. How do you open this form? If you form the Source param manually, I would recommend you to use window.location.pathname instead of window.location.href.
Re: A potentially dangerous Request.Path value was detected from the client
Posted: 15 May 2014
by eedoh
Hi Dmitry.
I'm not sure I understand your response.
Anyway, to answer your question, I open this form on a button click. There's the code used in "OnClick" event handler provided in my original post in this thread.
What do you suggest I should do?
Thanks.
Re: A potentially dangerous Request.Path value was detected from the client
Posted: 16 May 2014
by Dmitry Kozlov
Hi,
Please, replace 'window.location.href' in your code with 'window.location.pathname':
Code: Select all
fd.field('Distribute').value('B');
fd.sourceFormParam(window.location.pathname);
fd.save().click();
Re: A potentially dangerous Request.Path value was detected from the client
Posted: 21 May 2014
by eedoh
It did not help. I'm still receiving the same error message. I noticed, however, string "%2520" in the above mentioned url, in places where "space" should appear (%20 in some browsers).
I tried replacing this with actual "space" character in text editor, and pasting it in browser. Link did not cause this error messaage any more. I went and tried assigning a javascript variable value of window.location.href.toString().replace(/%2520/g, ' ') and using that as sourceformparam. Generated string still contained %2520, although the variable value did not (I checked
).
Can this be a bug inside spform?
P.S.
This is the code I've tried and mentioned above.
fd.field('Distribute').value('B');
var thehref = window.location.href.toString().replace(/%2520/g, ' ');
fd.sourceFormParam(thehref);
//alert(thehref);
fd.save().click();
Re: A potentially dangerous Request.Path value was detected from the client
Posted: 21 May 2014
by Dmitry Kozlov
Thanks for the detailed information. Please, specify which browser you use: IE8,9,10,11; Chrome, FF, Safari?
Re: A potentially dangerous Request.Path value was detected from the client
Posted: 21 May 2014
by eedoh
All of them
.
I did my last testing in FF 29.0.1 though.
Re: A potentially dangerous Request.Path value was detected from the client
Posted: 21 May 2014
by Dmitry Kozlov
Is the issue reproduced in all of them?