dotnet/aspnetcore

HttpRuleParser GetExpressionLength allows invalid characters.

Open

#2,694 创建于 2018年1月2日

在 GitHub 查看
 (1 评论) (0 反应) (0 负责人)C# (10,653 fork)batch import
affected-fewarea-networkingbugfeature-http-abstractionshelp wantedseverity-minor

仓库指标

Star
 (37,933 star)
PR 合并指标
 (平均合并 16天 9小时) (30 天内合并 258 个 PR)

描述

From @jkotalik on Tuesday, August 22, 2017 4:19:40 PM

@Tratcher and I discovered that GetExpressionLength in HttpRuleParser allows invalid characters (including control characters in expressions. GetExpressionLength mentions that we don't really care about the content of a quoted string, however it seems appropriate that if a quoted string has an invalid character, it should throw on parsing here, not in Kestrel (or whatever server).

This would be a breaking change, as it would introduce a new place where an exception is thrown, however it is probably the right behavior.

Copied from original issue: aspnet/HttpAbstractions#923

贡献者指南