0

As I have been requested by my instructor to use the AntiXss library in the development of my senior project, I am facing a lot of difficulties using this library because of the lack of resources on the web. As part of my project, I have an upload file function where the user will be able to upload files, and after uploading his files, he will be redirected to the same page to see some other information. Everything works fine, but when I added the AntiXss library and used it with the following line only, I got this error

(HTTP 400 Error - Bad Request)

and I don't know why. Could anyone tell me why I am getting this error? And how to fix it?

C# Code:

```csharp
Response.Redirect(Encoder.HtmlFormUrlEncode(Request.Url.PathAndQuery));
```

Android FanBoy

2 Answers

0

Break up your code and look at each step:

  • Take the incoming request's URL, and extract out the path and query.
  • Run that through a form-based encoder.
  • Redirect to that string.

What do you think a form-based encoder would do in order to prevent XSS attacks?

Try this:

```csharp
Response.Write(Encoder.HtmlFormUrlEncode("http://www.stackoverflow.com"));
```

What is written out? Try putting that in a web browser, and you'll likely get a 400 (or a 502) error.

JerKimball
0

```csharp
Request.Url.PathAndQuery
```

The above syntax returns `/Cambia3/Temp/Test.aspx?query=arg`

For further URL references, check this.

HtmlFormUrlEncode gets a string and encodes it as parameters. For further info on that, see here.

Sakthivel
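An added example (not from the question or either answer) that runs the experiment the first answer suggests on the `PathAndQuery` value quoted in the second: encoding the whole string also escapes the `/`, `?` and `=` separators, while encoding each query name and value separately leaves a usable redirect target. `WebUtility.UrlEncode` is used here as a stand-in for `Encoder.HtmlFormUrlEncode` so the sample runs as a plain console program, and `EncodeQueryValuesOnly` is a hypothetical helper.

```csharp
using System;
using System.Linq;
using System.Net;

// Added illustration. WebUtility.UrlEncode stands in for AntiXSS's
// Encoder.HtmlFormUrlEncode so this runs without System.Web or AntiXSS.
static class RedirectEncodingDemo
{
    // Decode first so an already-encoded component is not double-encoded.
    static string Enc(string s) => WebUtility.UrlEncode(WebUtility.UrlDecode(s));

    // Hypothetical helper: keep the path untouched and encode only each query
    // name and value, so "/", "?", "&" and "=" keep their structural meaning.
    static string EncodeQueryValuesOnly(string pathAndQuery)
    {
        int q = pathAndQuery.IndexOf('?');
        if (q < 0) return pathAndQuery;          // no query string, nothing to encode

        string path = pathAndQuery.Substring(0, q);
        var pairs = pathAndQuery.Substring(q + 1)
            .Split(new[] { '&' }, StringSplitOptions.RemoveEmptyEntries)
            .Select(pair =>
            {
                string[] kv = pair.Split(new[] { '=' }, 2);
                return kv.Length == 2 ? Enc(kv[0]) + "=" + Enc(kv[1]) : Enc(kv[0]);
            });
        return path + "?" + string.Join("&", pairs);
    }

    static void Main()
    {
        // The first input is the value quoted in the answer above;
        // the second is constructed for this example.
        string[] samples =
        {
            "/Cambia3/Temp/Test.aspx?query=arg",
            "/Cambia3/Temp/Test.aspx?query=<b>hi there</b>&page=2",
        };

        foreach (string s in samples)
        {
            Console.WriteLine("input:        " + s);
            // Whole-string encoding escapes the separators as well.
            Console.WriteLine("whole string: " + WebUtility.UrlEncode(s));
            Console.WriteLine("values only:  " + EncodeQueryValuesOnly(s));
            Console.WriteLine();
        }
    }
}
```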