[Mono-bugs] [Bug 77778][Nor] New - MS/Mono incompatibility in
System.Web.HttpRequest
bugzilla-daemon at bugzilla.ximian.com
bugzilla-daemon at bugzilla.ximian.com
Mon Mar 13 16:23:04 EST 2006
Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.
Changed by nede at aliquant.com.
http://bugzilla.ximian.com/show_bug.cgi?id=77778
--- shadow/77778 2006-03-13 16:23:04.000000000 -0500
+++ shadow/77778.tmp.1961 2006-03-13 16:23:04.000000000 -0500
@@ -0,0 +1,48 @@
+Bug#: 77778
+Product: Mono: Class Libraries
+Version: 1.1
+OS: All
+OS Details: Fedora Core 4
+Status: NEW
+Resolution:
+Severity:
+Priority: Normal
+Component: Sys.Web
+AssignedTo: gonzalo at ximian.com
+ReportedBy: nede at aliquant.com
+QAContact: mono-bugs at ximian.com
+TargetMilestone: ---
+URL:
+Cc:
+Summary: MS/Mono incompatibility in System.Web.HttpRequest
+
+Description of Problem:
+The input validation that occurs in the CheckString method in
+HttpRequest.cs is far more strict than Microsoft's. In this case, I would
+tend to say that Mono's validation is safer, but it is excessive. After
+extensive testing, here is the regular expression that matches the logic
+used in MS's version: "<[a-zA-Z\\!]+"
+
+
+Steps to reproduce the problem:
+Serve the attached ASPX on Mono and Microsoft .NET. You will notice that
+all of the buttons labeled "Valid" work in .NET but not in Mono. The two
+marked "Not Valid" should not work in either implementation.
+
+
+Actual Results:
+Mono throws the "A potentially dangerous Request.Form value was detected
+from the client" exception when any of the buttons are clicked.
+
+
+Expected Results:
+The "A potentially dangerous Request.Form value was detected from the
+client" exception should only be thrown for the last two example buttons.
+
+
+How often does this happen?
+Every time.
+
+
+Additional Information:
+Using Mono 1.1.13-4.
More information about the mono-bugs
mailing list