HttpRuleParser GetExpressionLength allows invalid characters.
#2,694 opened on Jan 2, 2018
Repository metrics
- Stars
- (37,933 stars)
- PR merge metrics
- (Avg merge 16d 9h) (258 merged PRs in 30d)
Description
From @jkotalik on Tuesday, August 22, 2017 4:19:40 PM
@Tratcher and I discovered that GetExpressionLength in HttpRuleParser allows invalid characters (including control characters in expressions. GetExpressionLength mentions that we don't really care about the content of a quoted string, however it seems appropriate that if a quoted string has an invalid character, it should throw on parsing here, not in Kestrel (or whatever server).
This would be a breaking change, as it would introduce a new place where an exception is thrown, however it is probably the right behavior.
Copied from original issue: aspnet/HttpAbstractions#923