I’m having problems with requests that include ‘dangerous characters’ as part of a Web

Question

0

Asked: May 31, 20262026-05-31T08:52:37+00:00 2026-05-31T08:52:37+00:00

I’m having problems with requests that include ‘dangerous characters’ as part of a Web

0

I’m having problems with requests that include ‘dangerous characters’ as part of a Web API URL. The Url includes an & which is properly Url encoded, but still causes a Request Validation ASP.NET error.

Unlike MVC there appears to be no [ValidateInput(false)] attribute to force and disable this functionality.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-31T08:52:39+00:00

Turns out the answer is to do this in web.config using:

<system.web>
  <httpRuntime requestPathInvalidCharacters="" />  
</system.web>

You can set this globally or at the sub-directory level. You can leverage the <location path=""> element to specify this setting only underneath certain paths. For example, if your Web API route that was affected lived underneath api/images you could do the following:

<location path="api/images">
  <system.web>
    <httpRuntime requestPathInvalidCharacters="" />  
  </system.web>
</location>

More information: https://msdn.microsoft.com/en-us/library/e1f13641(v=vs.100).aspx

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I’m having problems with requests that include ‘dangerous characters’ as part of a Web

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply