If an .idq file passes a client-supplied value straight through to a path parameter, a client could send a Uniform Resource Locator (URL) that reaches a directory outside the intended scope. For example, if you set the CiTemplate parameter in the Query section of an .idq file as shown, a client can send a URL that names another directory on your machine and display its contents:
CiTemplate=%CiTemplateFile%
Similarly, if you set the CiSort parameter in the same way, a client could submit a complex sorting query that slows down your machine:
CiSort=%CiSort%
To protect against such violations, hard-code as much of each parameter's value as possible, leaving only the part the client genuinely needs to supply. For example, with CiTemplate pointing to an .htx file in the samples directory, follow this example:
CiTemplate=/IisSamples/IsSamples/%CiTemplateName.htx%
With this setting, a client could see only the .htx files in the /IisSamples/IsSamples virtual directory.
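The following Python is an added example, not part of the original documentation or of Index Server itself. It shows two defender-side checks for the .idq forms discussed above: an audit that lists every Query-section parameter whose whole value is a single client-supplied placeholder (the unrestricted CiTemplate and CiSort cases), and a resolver that substitutes the client's query-string variables into a CiTemplate value and then verifies the result is an .htx file inside the directory the hard-coded prefix names (the property the restricted form is meant to give). The placeholder syntax %Name% with the .htx extension written outside the placeholder, the sample .idq text, the query strings and all function names are assumptions made for the example.

```python
import posixpath
import re
from urllib.parse import parse_qs

# Constructed CiTemplate lines modelled on the two forms discussed above.
# Assumed syntax: %Name% is replaced by the query-string variable Name; in
# the hard-coded form the extension is kept outside the placeholder.
UNRESTRICTED_LINE = "CiTemplate=%CiTemplateFile%"
HARDCODED_LINE = "CiTemplate=/IisSamples/IsSamples/%CiTemplateName%.htx"

# Constructed sample .idq text (not a real site's file).
SAMPLE_IDQ = """[Query]
CiColumns=filename,size,rank
CiRestriction=%CiRestriction%
CiTemplate=%CiTemplateFile%
CiSort=%CiSort%
CiMaxRecordsPerPage=10
"""

PLACEHOLDER = re.compile(r"%([A-Za-z_][A-Za-z0-9_]*)%")


def unconstrained_parameters(idq_text):
    """Names of [Query] parameters whose entire value is one %placeholder%,
    i.e. parameters the client controls completely. The list is for review:
    CiRestriction is normally client-supplied by design, CiTemplate and
    CiSort should not be."""
    found = []
    in_query = False
    for line in idq_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_query = line.lower() == "[query]"
            continue
        if not in_query or "=" not in line:
            continue
        key, _, value = line.partition("=")
        if PLACEHOLDER.fullmatch(value.strip()):
            found.append(key.strip())
    return found


def parse_ci_template(idq_line):
    """Return the value part of a CiTemplate= line."""
    key, _, value = idq_line.partition("=")
    if key.strip().lower() != "citemplate":
        raise ValueError("not a CiTemplate line: %r" % idq_line)
    return value.strip()


def literal_prefix_dir(template):
    """Directory hard-coded before the first placeholder, or '' when the
    template starts with a placeholder (client controls the whole path)."""
    literal = template.split("%", 1)[0]
    return posixpath.dirname(literal) if "/" in literal else ""


def resolve_template(template, query_string):
    """Substitute the client's variables, then require that the result is a
    named .htx file directly inside the hard-coded directory."""
    params = parse_qs(query_string, keep_blank_values=True)

    def substitute(match):
        name = match.group(1)
        if name not in params:
            raise ValueError("missing query variable %s" % name)
        return params[name][0]

    allowed_dir = literal_prefix_dir(template)
    if not allowed_dir:
        raise PermissionError("CiTemplate has no hard-coded directory: %r" % template)
    resolved = posixpath.normpath(PLACEHOLDER.sub(substitute, template))
    if not resolved.endswith(".htx") or posixpath.basename(resolved) == ".htx":
        raise PermissionError("template must name an .htx file: %r" % resolved)
    if posixpath.dirname(resolved) != allowed_dir:
        raise PermissionError("template %r is outside %s" % (resolved, allowed_dir))
    return resolved


def is_allowed(template, query_string):
    """True when resolve_template accepts the request, False when it refuses."""
    try:
        resolve_template(template, query_string)
    except (PermissionError, ValueError):
        return False
    return True


if __name__ == "__main__":
    print("client-controlled parameters:", unconstrained_parameters(SAMPLE_IDQ))
    hard = parse_ci_template(HARDCODED_LINE)
    print(resolve_template(hard, "CiTemplateName=query"))
    print("value with a path separator accepted?", is_allowed(hard, "CiTemplateName=other/query"))
    print("unrestricted form accepted?",
          is_allowed(parse_ci_template(UNRESTRICTED_LINE), "CiTemplateFile=/IisSamples/IsSamples/query.htx"))
```

The resolver normalises the substituted path before comparing its directory with the hard-coded prefix, so the only requests it accepts are those that name an .htx file directly in /IisSamples/IsSamples; anything that would land in another directory, or that comes from a template with no hard-coded prefix at all, is refused.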