A potentially dangerous Request.Path value was detected from the client (<) System.Web.HttpRequest.ValidateInputIfRequiredByConfig()

0
votes

I'm using WEB API 2. Whenever somebody tries to insert the script into my API, I want to throw 404 or 400 error with a custom message, and not 500 error.

This is different from SO question - Getting "A potentially dangerous Request.Path value was detected from the client (&)" because I don't want to allow, but throw custom errors.

Basically, I want to just return if the script is detected, without executing any controllers, if possible.

1
c#asp.netasp.net-web-apiasp.net-web-api2xss

1 Answers

0
votes

Could you please provide some clarity on why you want to do this?

I would recommend that you look at the global.asax event Application_BeginRequest() and check the unvalidated properties in a custom method here. That will ensure you dont need to completely disable the validation and leave yourself vulnerable?