I need to be able to allow query strings that contain characters like ‘<’ and ‘>’. However, putting something like id=mi<ke into the URL will output an error page saying:
A potentially dangerous Request.QueryString value was detected from the client (id=’mi<ke’).
If I first URL-encode the URL (to create id=mi%3Cke) I still get the same error. I can get around this by putting ValidateRequest=’false’ into the Page directive, but I’d prefer not to do that if at all possible.
So is there any way to allow these characters in query strings and not turn off ValidateRequest?
EDIT: I want to allow users to be able to type the URLs in by hand as well, so encoding them in some way might not work.
I ran into a problem similar to this. I chose to Base64-encode the query string to work around it, using
to get the string as bytes and then
to turn it into a ‘safe’ string.
To get it back, use:
and then:
to reverse the polarity of the flow.
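The round trip described in the answer above, as an added example that is not the answerer's code. The class and method names are hypothetical, and the URL-safe alphabet, the malformed-input handling and the HTML encoding on output are assumptions added here: a Base64-wrapped value passes request validation unchecked, so the decoded string has to be treated as untrusted input.

```csharp
using System;
using System.Net;
using System.Text;

// Added example; QueryValueCodec and its members are hypothetical names.
public static class QueryValueCodec
{
    // Encode a value as URL-safe Base64 (RFC 4648 section 5 alphabet, padding removed),
    // so the token contains no '+', '/' or '=' that a URL would mangle.
    public static string Encode(string value)
    {
        byte[] bytes = Encoding.UTF8.GetBytes(value);
        return Convert.ToBase64String(bytes)
            .TrimEnd('=')
            .Replace('+', '-')
            .Replace('/', '_');
    }

    // Decode a token produced by Encode. Returns false on malformed input
    // instead of throwing, because the token comes straight from the client.
    public static bool TryDecode(string token, out string value)
    {
        value = null;
        if (string.IsNullOrEmpty(token)) return false;
        string b64 = token.Replace('-', '+').Replace('_', '/');
        switch (b64.Length % 4)
        {
            case 2: b64 += "=="; break;   // restore stripped padding
            case 3: b64 += "="; break;
            case 1: return false;         // impossible length for Base64
        }
        try
        {
            value = Encoding.UTF8.GetString(Convert.FromBase64String(b64));
            return true;
        }
        catch (FormatException)
        {
            return false;
        }
    }

    public static void Main()
    {
        string token = Encode("mi<ke");   // sample value taken from the question
        Console.WriteLine("?id=" + token);
        string id;
        if (TryDecode(token, out id))
        {
            // The decoded value was never seen by request validation: encode on output.
            Console.WriteLine(WebUtility.HtmlEncode(id));
        }
    }
}
```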