问题
I have implemented search functionality to look for data with a (part of a) code as search criteria, which includes a . (dot) in the value, so it should be possible to include that in the search criteria.
Consider url:
myhost/api/search/88.
Out of the box, without doing anything extra, that will result in a 404 error. While, not surprisingly, the url works fine if I remove the dot.
I found this as possible answer on StackOverflow:
<system.web>
<httpRuntime relaxedUrlToFileSystemMapping="true" />
</system.web>
Question
This does the trick, but I am not sure if this is the best solution. I mean, having a relaxed url mechanism is fine if it's otherwise harmless, but I wouldn't want to have trouble with other chars that would cause more damage than the dot I want now. Maybe I'm opening the door to hell just for this fix...
Can I trust this solution or is there a safer alternative?
回答1:
If the value being passed into the URL is a search term that can be entered by the user, I wouldn't configure my routing system to handle these values because they are unpredictable.
You should encode the string and pass it through the query string or post it and bind it to an object in WebAPI.
In terms opening the door to hell I think that you should consider the points raised in this question. If you have to set something like relaxedUrlToFileSystemMapping which is something that appears to relax some of the default security systems of ASP.NET MVC I'd tend to lean towards a solution that doesn't rely on a change like this.
来源:https://stackoverflow.com/questions/33361785/mvc-web-api-dot-in-url-parameter-value