• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 942
  • Last Modified:

A potentially dangerous Request.Path value was detected from the client (&).

I've looked this error up and tried fixing it for quite a while but am still stuck.

My .NET app, passes a filepath name to a Javascript function that I created, which then passes the path to a Flash audio player to play MP3s.  This works fine except for when there is an ampersand in the file path.  

After reading, I learned to try adding the following to my page directive:  ValidateRequest="false"
This didn't work, so I tried adding it globally in web.config, like so:
    <httpRuntime requestValidationMode="2.0"/>
    <pages validateRequest="false" />

That didn't work either.

Any ideas?

For testing, I was just trying to play the MP3 from my browser by typing in the URL, like so:
www.mysite.com/audio_folder/albums/Jack & Jill/Song123.mp3

This gives me the dangerous request path error.
  • 2
3 Solutions
Try this:

<httpRuntime requestPathInvalidChars="&lt;,&gt;,*,%,:,\,?" />

Alan WarrenCommented:
Have you tried passing an HtmlEncoded File path to the JavaScript function?

Dave BaldwinFixer of ProblemsCommented:
'&' is supposed to be used as a query string separator and spaces are supposed to be urlencoded as '%20'.  While they may be valid on your machine, they are trouble on the web.  I always remove spaces from filenames and paths and would not use an '&' in them either.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now