Configure forbidden URL characters

Copy to clipboard

The system provides settings that allow you to configure what characters are allowed in URLs.

Certain characters have special meanings in URLs, so they cannot be used in values that determine URLs. The system automatically replaces or removes forbidden characters in page URL slugs.

By default, the following characters are forbidden:



\/:*?"<>|&%.'#[]+= and the space character

To specify additional forbidden characters:

  1. Open the Settings application.
  2. Select the URLs and SEO category.
  3. Type the characters into the Forbidden URL characters setting (without any separator).
  4. Select Save.

Alternatively, you can enter a regular expression into the Allowed URL characters setting to precisely specify which characters are allowed in URLs.

Default forbidden characters

The default characters listed above are always forbidden unless you override the CMSForbiddenURLValues key in your project’s configuration file (appsettings.json by default). For example:

appsettings.json


"CMSForbiddenURLValues": "$\\/:?&quot;&lt;&gt;|&amp;%.&apos;#[] ="

You can either use the key to allow some of the default forbidden characters or add new ones. We strongly recommend keeping the default set of forbidden characters – entering the characters into URL values may prevent certain types of URLs from resolving correctly.

You can specify the character that is used to replace forbidden characters through the Forbidden character replacement setting in Settings → URLs and SEO. By default, forbidden characters located at the beginning or end of the path are removed completely and consecutive forbidden characters are only replaced by a single replacement character. For example, “Articles*and%%%blogs” is replaced with “Articles-and-blogs” when using the default replacement character: ‘-’ hyphen.