Vulnerability in EPiServer.Forms
NameValueCollection myCol = new NameValueCollection();
string redirect = CurrentPage.LinkURL + UriSupport.BuildQueryString(myCol);
When I click my link the page can't be displayed. I've altered the code above several times but with no luck. Does anybody have any solutions to my problem?
I've used the BuildQueryString method without any problems.
What is the value of your redirect string?
Ok, dp you have any sample code I can look at?
My redirect string from the code above looks like this:
As you can see it's wrong :-)
I would use an UrlBuilder instead.
UrlBuilder ub = new UrlBuilder(CurrentPage.LinkURL); ub.QueryCollection.Add("parameter1", "value1");ub.QueryCollection.Add("parameter2", "value2");Response.Redirect(ub.ToString(), true);
The problem with your approach is that you append the correctly built "BuildQueryString", but you miss the "&"/"?" between the strings when you just concat them.