Oh no, you totally don't want to replace it with #
. This symbol has a special meaning in an url. It represents the fragment identifier
and its value is never sent to the server. This basically means that if there's a #
symbol in your url, everything that follows it gets truncated and never sent to the server. You may take a look at the following post
to see what StackOverflow uses to format the slug in the question title. You could run your string through this replace function in order to make sure that no dangerous characters are left.
I would also recommend you reading the following blog post
from Scott Hanselman where he covers the various scenarios you might encounter with IIS if you attempt to send special characters in the path portion of your url. I am quoting his conclusion here:
After ALL this effort to get crazy stuff in the Request Path, it's
worth mentioning that simply keeping the values as a part of the Query
String (remember WAY back at the beginning of this post?) is easier,
cleaner, more flexible, and more secure.