< class="prominent-subhead ">

A potentially dangerous Request.Path value was detected from the client (%)

This article was created in response to a support issue logged with K2. The content may include typographical errors and may be revised at any time without notice. This article is not considered official documentation for K2 software and is provided "as is" with no warranties.
This article has been archived, and/or refers to legacy products, components or features. The content in this article is offered "as is" and will no longer be updated. Archived content is provided for reference purposes only. This content does not infer that the product, component or feature is supported, or that the product, component or feature will continue to function as described herein.


A simple K2 application was created on a simple list in SharePoint (Czech) - only SmartObject and SmartForms - SmartForms are used for New, Edit, and Display. New, Edit and Display options all work. 

Using P&D in SharePoint, a KSPX package was created which was transferred and successfully deployed on a different list (no matter the language of the target collection or site).

When you add only a New item in the list, Display and Edit does not work. An error message appears:


Server Error

A potentially dangerous Request.Path value was detected from the client (%). More Details at System.Web.HttpRequest.ValidateInputIfRequiredByConfig() at System.Web.HttpApplication.PipelineStepManager.ValidateHelper(HttpContext context)




The problem appears when the package is deployed. At this point the SharePoint setting that controls which form to open, gets set incorrectly.

The ž character gets double URL encoded when appifying the list directly, then the SP setting is set correctly, without it being URL encoded.


The workaround is  to reset/resave the settings:

- Go into the K2 for SharePoint application on the list.

- Click on Settings -> Form Settings

- Click on Save without changing anything.