Open DinisCruz opened 9 years ago
Hmm... interesting. Taking a look on how to turn this off.
This was fixed with
<system.web>
<httpRuntime requestPathInvalidCharacters="%,&,:,\,?" />
</system.web>
Note, that %,&,:,\,? are characters that will still produce the error.
yap, looks fixed
Note, that %,&,:,\,? are characters that will still produce the error.
yeas, sending
will return
which I think is ok
@tekgirl77 or @michaelhidalgo can you write a unit test that checks both scenarios on the beta.teammentor.net server. This test should be on a separate folder and test (since it will be part of the tests that we will run against the live server (to make sure it is all good))
On IIS, this request:
http://beta.teammentor.net/show/-6234f2d47eb7,%3Ch1%3Equery%3C/h1%3E-1a265c6dffd1,query-09ffeb0d1570/
(ie./show/-6234f2d47eb7,<h1>query</h1>-1a265c6dffd1,query-09ffeb0d1570/
) will throw an IIS error.that doesn't work when running directly on node (at
http://localhost:1337/show/-6234f2d47eb7,%3Ch1%3Equery%3C%3E-1a265c6dffd1,query-09ffeb0d1570/
):I think this is caused by IIS anti-xss validation methods that throw an error on ( < and > )