dotnet/aspnetcore
在 GitHub 查看HttpRuleParser GetExpressionLength allows invalid characters.
Open
#2,694 创建于 2018年1月2日
affected-fewarea-networkingbugfeature-http-abstractionshelp wantedseverity-minor
仓库指标
- Star
- (37,933 star)
- PR 合并指标
- (平均合并 16天 9小时) (30 天内合并 258 个 PR)
描述
From @jkotalik on Tuesday, August 22, 2017 4:19:40 PM
@Tratcher and I discovered that GetExpressionLength in HttpRuleParser allows invalid characters (including control characters in expressions. GetExpressionLength mentions that we don't really care about the content of a quoted string, however it seems appropriate that if a quoted string has an invalid character, it should throw on parsing here, not in Kestrel (or whatever server).
This would be a breaking change, as it would introduce a new place where an exception is thrown, however it is probably the right behavior.
Copied from original issue: aspnet/HttpAbstractions#923