You must Sign In to post a response.
- Category: ASP.NET
- #765363Hi pinky,
As you have mentioned, you are using htmlencode for some of the characters.
But when user use browser's back button, you can use htmldecode for those characters before displaying them to user.
Hope it helps.
- #765364Asp.Net 4.0+ comes with a very strict built-in request validation, part of it is the potential dangerous characters in the url which may be used in XSS attacks. Here are default invalid characters in the url , as < > * % & : \ ?
To resolve this, You can change this behavior in your config file: see below
<httpRuntime requestPathInvalidCharacters="<,>,*,%,&,:,\,?" />
OR you can use following settings
<httpRuntime requestPathInvalidCharacters="" requestValidationMode="2.0" />
<pages validateRequest="false" />
Editor, DotNetSpider MVM
Microsoft MVP 2014 [ASP.NET/IIS]