I have this code
<script type="text/javascript">
$(function () {
var selectedAmenities = "";
function amenitiesLog(message) {
$("<div/>").text(message).appendTo("#amenitiesLog");
$("<br/>").text("").appendTo("#amenitiesLog");
$("#amenitiesLog").scrollTop(0);
selectedAmenities = document.getElementById("amenitiesLog").innerHTML;
}
$("#Amenities").autocomplete({
//source: "/Results/GetAmenities",
source: function (request, callback) {
var url = "/Results/GetAmenities?selected=" + selectedAmenities + '&term=' + request.term;
$.getJSON(url, callback);
},
minLength: 3,
select: function (event, ui) {
if (ui.item != null)
amenitiesLog(ui.item.value);
}
});
});
</script>
Which causes this url to be generated and called
http://localhost:63320/Results/GetAmenities?selected=%3Cdiv%3EAir%20conditioning%3C/div%3E%3Cbr%3E&term=abc
The error I get in Firebug is this
A potentially dangerous Request.QueryString value was detected from the client (selected="<div>Air conditionin...").
What is the solution?
Thanks,
Sachin
I had something similar to this once and I had to declare what my invalid URL characters were. I did this in my web config as:
Where ‘requestPathInvalidCharacters’ contained the invalid characters, so in my case, I removed the colon as I needed this in my URL.
This worked for me but as to whether there are some security risks here that you need to think about, I don’t know.