Configure forbidden URL characters
In URLs some characters are considered unsafe because they may be used for special purposes or could cause issues with browsers or servers. The system automatically replaces or removes forbidden characters in URL slugs and vanity URLs.
By default, the following characters are forbidden:
\/:*?"<>|&%.'#[]+= and the space character
Specify additional forbidden characters
To specify additional forbidden characters:
- Open the Settings application.
- Select the URLs and SEO category.
- Type the characters into the Forbidden URL characters setting (without any separator).
- Save the settings.
Alternatively, you can enter a regular expression into the Allowed URL characters setting to precisely specify which characters are allowed in URLs.
Override default forbidden characters
The default characters listed above are always forbidden unless you override the CMSForbiddenURLValues key in your project’s configuration file (appsettings.json by default). For example:
"CMSForbiddenURLValues": "$\\/:?"<>|&%.'#[] ="
You can either use the key to allow some of the default forbidden characters or add new ones. We strongly recommend keeping the default set of forbidden characters – entering the characters into URL values may prevent certain types of URLs from resolving correctly.
Specify forbidden character replacement
To specify forbidden character replacement:
- Open the Settings application.
- Select the URLs and SEO category.
- Enter the character into the Forbidden character replacement setting.
- Save the settings.
By default, forbidden characters located at the beginning or end of the path are removed completely and consecutive forbidden characters are only replaced by a single replacement character. For example, “Articles*and%%%blogs” is replaced with “Articles-and-blogs” when using the default replacement character: ‘-’ hyphen. If no replacement character is specified, the underscore ‘_’ character is used.