我有一个简单的Web Api控制器,其设置如下:
[Authorize]
[RoutePrefix("api/messageDetail")]
public class MessageDetailController : ApiController
{
[Route("{messageId}")]
public HttpResponseMessage GetMessageDetail(string messageId)
{
var result = MtFacade.GetAmlResults(messageId);
var results = new List<string>();
results.AddRange(result.Select(item => ((AmlResults) item).Result));
return messageId == null ? Request.CreateErrorResponse(HttpStatusCode.BadRequest, "No messageId provided") : Request.CreateResponse(HttpStatusCode.OK, results);
}
}
有人可以帮助我对传入的参数进行URLE编码,因为它导致了“潜在危险的反应”。传递这样的东西时:
servername.sometext.1.:3/0
答案 0 :(得分:1)
Scott Hanselman对这个问题(以及一些解决方案)有一个很好的写作:http://www.hanselman.com/blog/ExperimentsInWackinessAllowingPercentsAnglebracketsAndOtherNaughtyThingsInTheASPNETIISRequestURL.aspx