I have a dollar symbol in a URL, which works when I click on the link, like this:
www.mysite.com/articles/a-url-with-a-$-symbol
However, Raygun is showing some users are receiving an error for this page, with the $ replaced by a &:
Message: A potentially dangerous Request.Path value was detected from the client (&).
URL: www.mysite.com/articles/a-url-with-a-&
The reported browsers that are experiencing this include Chrome, Firefox, IE and Safari.
I know that $ is a reserved character, but it is allowed in URLs. What would cause the browser to change it to an & and strip the remaining characters?
Check that your link to that page isn't being HtmlEncoded anywhere. If it is, the $ will get mistakenly encoded as &dollar, which is the Html encoded version.
Recommendations:
Note, it's also easy to HtmlEncode when you mean to UrlEncode, which alters the output slightly based on target use: Difference between Url Encode and HTML encode
I hope that helps.
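The encoding mix-up discussed above can be checked for in error reports. The following is an added example, not part of the original question or answer: `build_href` and `diagnose` are hypothetical helper names, the sample paths are constructed from the URL in the question, and the character set is the default ASP.NET `requestPathInvalidCharacters` list.

```python
import html
import re
from urllib.parse import quote

# Default ASP.NET <httpRuntime requestPathInvalidCharacters> set: < > * % & : \ ?
ASPNET_INVALID_PATH_CHARS = set('<>*%&:\\?')

# Complete character references: named (&dollar;), decimal (&#36;), hex (&#x24;).
ENTITY_RE = re.compile(r'&(?:#\d+|#[xX][0-9a-fA-F]+|[A-Za-z][A-Za-z0-9]*);')


def build_href(base, slug):
    """Percent-encode the slug for the URL, then HTML-escape for the attribute."""
    url = base + quote(slug, safe='')      # '$' -> '%24'
    return html.escape(url, quote=True)    # only & < > " ' are touched


def diagnose(path):
    """Classify a request path taken from an error report."""
    entities = ENTITY_RE.findall(path)
    return {
        'rejected_chars': sorted(set(path) & ASPNET_INVALID_PATH_CHARS),
        'entities': entities,
        # Undo the HTML encoding only when a complete entity is present.
        'repaired': html.unescape(path) if entities else None,
    }


# Constructed sample paths (hypothetical log extract, modelled on the question).
SAMPLE_PATHS = [
    '/articles/a-url-with-a-$-symbol',          # intended link
    '/articles/a-url-with-a-&dollar;-symbol',   # HTML-encoded, never decoded
    '/articles/a-url-with-a-&',                 # truncated form from the report
]

if __name__ == '__main__':
    print(build_href('/articles/', 'a-url-with-a-$-symbol'))
    for p in SAMPLE_PATHS:
        print(p, diagnose(p))
```

A path that reports an entity and a `repaired` value points at a link that was HTML-encoded and then requested without being decoded; a bare `&` with no entity, as in the reported URL, cannot be repaired from the path alone.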