Kentico Xperience 13 documentation and ASP.NET Core

Most documentation about running Xperience applications under ASP.NET Core can be found in a dedicated section: Developing Xperience applications using ASP.NET Core. The rest of the documentation still applies, but some code samples and scenarios might need slight modifications for Core projects.

All major differences between the MVC 5 and Core platforms are summarized in Migrating to ASP.NET Core.


Configuring forbidden URL characters

The system provides settings that allow you to configure what characters are allowed in URLs. These setting apply to either routing mode.

Certain characters have special meanings in URLs, so they cannot be used in values that determine URLs. The system automatically replaces or removes forbidden characters in:

By default, the following characters are forbidden:

\/:*?"<>|&%.'#[]+=„" and the space character

To specify additional forbidden characters:

  1. Open the Settings application.
  2. Select the URLs and SEO category.
  3. Type the characters into the Forbidden URL characters setting (without any separator).
  4. Click Save.

Alternatively, you can enter a regular expression into the Allowed URL characters setting to precisely specify which characters are allowed in URLs.


The default characters listed above are always forbidden unless you override the CMSForbiddenURLValues key in the /configuration/appSettings section of your administration application's web.config file. For example:

<add key="CMSForbiddenURLValues" value="$\/:?&quot;&lt;&gt;|&amp;%.&apos;#[] =" />

You can either use the key to allow some of the default forbidden characters, or add new ones. It is strongly recommended to keep the default characters forbidden – entering the characters into URL values may prevent certain types of URLs from working correctly.

You can specify the character that is used to replace forbidden characters through the Forbidden characters replacement setting in Settings -> URLs and SEO. By default, forbidden characters located at the beginning or end of the path are removed completely and consecutive forbidden characters are only replaced by a single character. If you wish to have each forbidden character replaced individually, add the following key to your administration application's web.config:

<add key="CMSLimitUrlReplacements" value="false" />

Alternative page URLs

The settings and configuration described above do NOT apply to alternative URLs of pages. Instead, the allowed and forbidden characters in alternative URLs are controlled by the Alternative URLs constraint setting in Settings -> URLs and SEO. For more information, see Enabling alternative URLs for pages.

Was this page helpful?