[Mono-dev] [PATCH] MS/Mono incompatibility in System.Web.HttpRequest

Paolo Molaro lupus at ximian.com
Fri Feb 17 14:37:05 EST 2006

On 02/16/06 Edward C. Eisenbrey wrote:
> You're right, that seems to work just as well.  The updated patch file
> is attached.
> From: Eyal Alaluf [mailto:eyala at mainsoft.com] 
> Sent: Thursday, February 16, 2006 4:29 AM
> To: Edward C. Eisenbrey
> Cc: mono-devel-list at lists.ximian.com
> Subject: Re: [Mono-dev] [PATCH] MS/Mono incompatibility in
> System.Web.HttpRequest
> Hi, Edward.
> Is it not enough to use: "<[a-zA-Z\\!]" as the RegEx instead of
> "<[a-zA-Z\\!]+"?
> It works much faster (since RegEx tries always for the biggest match
> possible) and it
> does exactly the same thing.

Doing the check without regular expressions would be even faster
(and the choice here).
But first, someone will have to explain what are we checking against
here. If MS does fewer checks it might just mean that they have a less
secure implementation.
Also, the method should be renamed: CheckString() doesn't tell us if
it's checking for a valid string or for an invalid one. This one
should likely be named IsInvalidString or IsUnsafeString etc.


lupus at debian.org                                     debian/rules
lupus at ximian.com                             Monkeys do it better

More information about the Mono-devel-list mailing list