I have a default.aspx page
When a user views this page as -
www.mysite.com/default.aspx/? & # & emp = 1 ']]; alert (2); [[' 1
a warning appears. To prevent such an attack, I would like to get the entire line entered in the browser, but incapable.
[NOTE: As you can see, the text is after? it doesn't have to be a query string. These are random characters here. If it were a query string, I could get this in code.]
protected void Page_Load(object sender, EventArgs e)
{
string query = HttpContext.Current.Request.ServerVariables["URL"] +
HttpContext.Current.Request.ServerVariables["PATH_INFO"] +
HttpContext.Current.Request.ServerVariables["QUERY_STRING"];
}
In the 'request' I only get /default.aspx/default.aspx/&
How can I get the whole line specified in the address bar.
UPDATE:
HttpContext.Current.Request.Url.AbsoluteUrigives ?&
HttpContext.Current.Request.Url.ToString()gives http: //mysite/default.aspx/? &
, , , , . .
:
-, .
. , # .
AmateurProgrammer .