问题
In ASP.NET, the httpRuntime/@requestPathInvalidCharacters attribute defaults to <,>,*,%,&,:,\. These characters, as I understand, are disallowed in the path portion of a URL (based on the default setting of this attribute), but some of them should be allowed. Out of that list, I struggle to understand why *,&,: are disallowed by default. E.g., the following URLs are valid but would be rejected by default by ASP.NET:
To get a unique person by email: http://myservice.com/People/Email=jim@smith.net
To get a unique locality within a state: http://myservice.com/States/VA/Localities/FIPS=001
I could also swap out the = for : to make ASP.NET reject the URL by default. But these characters/URLs are valid and should/do work fine.
So, does anyone have any insight into why these disallowed characters were chosen?
(Related post/answer: https://stackoverflow.com/a/13500078/374198)
来源:https://stackoverflow.com/questions/35653835/why-does-the-default-setting-for-requestpathinvalidcharacters-exclude-otherwis