We’ve got an ASP.NET MVC project which has a REST API being consumed by a web front-end using Backbone. One of the pieces of functionality is a free text search, which currently uses a URL like this:
http://server/Search/{search-query}/{page-number}/{page-count}
This points to a Search Controller like this (with a route mapped accordingly):
public JsonResult Search(string query, int page, int pageSize)
{
    // Do search
}
It works fine for simple queries with single words or nothing with complicated characters (e.g. test, hello+world), but it seems like some special characters like *, &, etc. break this fairly easily, and result in the following error:
A potentially dangerous Request.Path value was detected from the client
As the search query is user-entered via a text box, this needs to be more resilient to dealing with search queries that contain invalid characters.
I’ve tried encoding the search string using encodeURIComponent, but it doesn’t seem to encode all of the problematic characters.
Is there a recommended method of allowing free text search via a REST API? Any thoughts or advice would be appreciated. Thanks.
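Why encodeURIComponent does not clear the path check, shown as an added example that is not part of the original question or its answer. It assumes the ASP.NET default `requestPathInvalidCharacters` list and models the server as percent-decoding the path before validating it; the `/Search` base URL and the helper names are hypothetical, while `query`, `page` and `pageSize` are the action's parameter names.

```javascript
// Default <httpRuntime requestPathInvalidCharacters> list in ASP.NET 4 and later.
const PATH_INVALID = ["<", ">", "*", "%", "&", ":", "\\", "?"];

// Model of what happens to a search term placed in a path segment.
// Assumption: the server validates the percent-decoded path, so encoding
// a character on the client does not hide it from the check.
function explainPathSegment(term) {
  const wire = encodeURIComponent(term);      // what the browser sends
  const decoded = decodeURIComponent(wire);   // what the path check sees
  const rejected = PATH_INVALID.filter((ch) => decoded.includes(ch));
  return { wire, decoded, rejected };
}

// Same search carried in the query string instead (hypothetical helper).
// URLSearchParams form-encodes each value; the path check does not apply
// to the query string, so model binding receives the term intact.
function buildQueryStringUrl(base, term, page, pageSize) {
  const params = new URLSearchParams({
    query: term,
    page: String(page),
    pageSize: String(pageSize),
  });
  return `${base}?${params}`;
}

// Constructed sample input.
const sample = explainPathSegment("c# & *.net");
console.log(sample.wire);      // '*' is left as-is, '&' becomes %26
console.log(sample.rejected);  // both still reach the path check
console.log(buildQueryStringUrl("http://server/Search", "c# & *.net", 1, 20));
```

Query string values are still subject to ASP.NET request validation, which is a separate check from the path character list modelled here.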
I think it’s better to put the paging parameters in the query string too, rather than in the resource path. After all, they are search dependent and not subresources of the resource you are searching in. Also there is this “/Search/Search/”, which seems a bit redundant.
So I think your search URL should be: