A potentially dangerous Request.Path value was detected from the client (?)

I came across a weird anomaly in ASP.NET and AJAX. I had an editing page where I modified information and saved it to the database (on a button click), and I wanted to return to the search result page, where a GridView would show the record that was just modified. This meant having to pass the id of the record back as well.

So I simply appended the id of the record to a query string and did a Response.Redirect on the save button click like so:

protected void btnSave_Click(object sender, EventArgs e)
{
    // save the data and redirect back to the main page which opened this page for editing
    Response.Redirect("/Search.aspx?" + "CompId=" + compid.ToString());
}

And here is what happened:

This was weird.

It turned out that the button firing the redirect was in an update panel, and this was causing the redirect to happen asynchronously, which somehow caused these characters to get encoded to “%2f” and “%3f” (see the URL in the red oval in the above screen grab; not sure why this happened, though). The server blocked these characters as potentially dangerous ones to avoid any HTML being injected into the URL. So to work around this, I registered the button as a synchronous post back control in the Page_Load event of the page firing the Response.Redirect, like so (at least this is what worked for me):

The edit page:

protected void Page_Load(object sender, EventArgs e)

This causes a synchronous post back, and the destination page gets reloaded and its view state gets initialised from scratch, just like it would have even if the post back was asynchronous (of course, if the characters were escaped), so no benefit of asynchrony was lost due to this change. If anyone knows why this weird anomaly happened, please feel free to explain in a comment. Hope this helps anyone with a similar problem.
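
One way to write the registration described above, as an added example that is not the original post's code. It uses the standard System.Web.UI call ScriptManager.RegisterPostBackControl; the class name EditPage and the helper SaveRecord() are hypothetical, and btnSave is assumed to be declared in the page markup inside the UpdatePanel.

```csharp
using System;
using System.Web;
using System.Web.UI;

// Code-behind for the edit page. "EditPage" and SaveRecord() are hypothetical names;
// btnSave is the save button from the post, declared in the .aspx markup.
public partial class EditPage : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Registration is not persisted between requests, so do it on every
        // load, not only when !IsPostBack.
        ScriptManager sm = ScriptManager.GetCurrent(Page);
        if (sm != null)
        {
            // btnSave now triggers a full (synchronous) postback even though it
            // sits inside an UpdatePanel, so Response.Redirect is sent as an
            // ordinary HTTP redirect rather than through the partial-page response.
            sm.RegisterPostBackControl(btnSave);
        }
    }

    protected void btnSave_Click(object sender, EventArgs e)
    {
        int compid = SaveRecord();

        // Encode only the query-string value; the path and the "?" separator
        // stay literal. Request path validation is left enabled.
        string url = "/Search.aspx?CompId=" + HttpUtility.UrlEncode(compid.ToString());
        Response.Redirect(url);
    }

    // Hypothetical placeholder for the page's own persistence logic;
    // returns the id of the record that was saved.
    private int SaveRecord()
    {
        return 42; // constructed sample id
    }
}
```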
