Breaking URL character combinations

G

GrantMagic

I have found that some strange combinations of characters in a URL can cause
an error in my ASP.NET application.
This is regarding URL Paramters

For example:
if i have the URL:
http://www.mysite.com/home.aspx?param=123

my page loads fine

But the URL:
http://www.mysite.com/home.aspx?param=#&

causes an application error.

Two of these combinations i have found are
%23%26
and
%3cb

Why do these combinations of characters cause an application error, and how
can i find out which other characters will.
These two combinations originated from crawlers on my site and at time and
generate hundreds of errors in a few minutes.

At the moment i'm using an Isapi Rewrite to remove these harmful characters,
but would like to know if there is a list of other harmful combinations i
can look out for

Thank you

Grant
 
C

Cirrosi

If in the page attributes you set validaterequest="false" you should not
have any error.
The default value is set to true to prevent the script-injection.
 
B

bruce barker

presumably your code is expecting a number, and blowup when you get a string
like "#&". the crawlers are probably having a hard time parsing you pages,
check that you are generating valid html. run your page output through an
html validation suite. note: you will be stuck with the illegal html that
asp.net generates (bad identitfiers).


-- bruce (sqlwork.com)
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,901
Latest member
Noble71S45

Latest Threads

Top