I am trying to pass some info in a URL which contains <b> . I am using URLEncodedFormat, I have also tried replacing the <b> with<b> . When it executes the receiving page gives a runtime error A potentially dangerous Request.QueryString value was detected from the client (message="...dvertiser <b>Aspire Communicat...").
I have this running locally on a dev server with CF2016/IIS10 with no trouble. I’ve tried it on a production box using CF2016/IIS10 and it works fine. The Lucee server was a clone server from the original CF2016, therefore the IIS settings are the same. I’ve also double checked the web.config file for anything that is somehow different
I am wondering if Lucee is the cause of this, but I can’t find any setting that could impact it
Appreciate any help, thanks
Code
<CFLOCATION URL="review_2.cfm?checksendemail=1&nonverified=1&message=#URLEncodedFormat('Advertiser <b>#form_companyname#</b> declined')#" addtoken="no">
Stack:
Windows Server 2022
IIS 10
Java 11.0.21
Tomcat Version 9.0
Lucee 6.0.0.585
MS SQL 2022
5 posts - 4 participants