[Mono-list] MS ASP .NET Bug
Andrew Arnott
AndrewArnott@byu.edu
Fri, 23 Jul 2004 11:36:18 -0600
This is a multi-part message in MIME format.
------=_NextPart_000_0182_01C470A9.4482C020
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
Answer below.
> so I wonder if it would happen in Mono too. The bug is simple, supose we
> have the following in an aspx:
> <script runat="server">
> void ProcessClick( object sender, EventArgs args )
> {
> string sql = @"<script language='javascript'>";
> sql += @"alert('";
> sql += nome.Value;
> sql += "');";
> sql += @"</script>"; // Here is the PROBLEM!
> this.RegisterClientScriptBlock( "JJ", sql );
> }
> </script>
> The parser will only "copy" to the class definition the code from <script
> runat=server> to <script>. The problem is that he thinks that the
> "</script>" literal is the tag end... So in the class definition we will
> have only:
>
> void ProcessClick( object sender, EventArgs args )
> {
> string sql = @"<script language='javascript'>";
> sql += @"alert('";
> sql += nome.Value;
> sql += "');";
> sql += @"
>
> Witch produces a compiler error. Would this happen in Mono? If not, should
> it happen?
I can't answer the "will it happen in Mono question", but a solution to the
problem is to just divide your </script> tag up:
sql += @"</scr" + "ipt>"; // Here is the SOLUTION!
That will work in any implementation that has the bug.
------=_NextPart_000_0182_01C470A9.4482C020
Content-Type: application/x-pkcs7-signature;
name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="smime.p7s"
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJkTCCAxkw
ggKCoAMCAQICAwxX1zANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhh
d3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVt
YWlsIElzc3VpbmcgQ0EwHhcNMDQwNTE5MTYyMDMwWhcNMDUwNTE5MTYyMDMwWjCBwDEfMB0GA1UE
AxMWVGhhd3RlIEZyZWVtYWlsIE1lbWJlcjEjMCEGCSqGSIb3DQEJARYUQW5kcmV3QXJub3R0QGJ5
dS5lZHUxJDAiBgkqhkiG9w0BCQEWFUFuZHJld19Bcm5vdHRAYnl1LmVkdTEpMCcGCSqGSIb3DQEJ
ARYadGhpc2lzdGhlcGxhY2VAaG90bWFpbC5jb20xJzAlBgkqhkiG9w0BCQEWGHJlbGF0ZV93ZWJt
YXN0ZXJAYnl1LmVkdTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArlzOF5Csqi69H7O9cETu
bfnVij+sURASLZVKRZHxPZwlaMEuOQeGVkXkWxGjw12LbkbXcR86tfuoAmR0okMtEzl0ygYMHT8o
wqvO2CRqTUMkUdk0ORutlzG1bsNpyWxwxYrpsiOdUuyvF2w8+xJSyTypJKGE3IN5aK9od8un+ucC
AwEAAaN+MHwwbAYDVR0RBGUwY4EUQW5kcmV3QXJub3R0QGJ5dS5lZHWBFUFuZHJld19Bcm5vdHRA
Ynl1LmVkdYEadGhpc2lzdGhlcGxhY2VAaG90bWFpbC5jb22BGHJlbGF0ZV93ZWJtYXN0ZXJAYnl1
LmVkdTAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBBAUAA4GBAEJwfK49WD9qTJAXXOovageUPPdu
OXDeUAaBUQXNBR0/voePXxDOaiESAnlaEpiGQZgdTio9aEearkADBjMFX37bV9G5oRiBgjAU+rQj
wUweqn+4ZqyJL2xeOQ+eqGMbAg4d/BHYMnbO9FhYxQVVwbJnPeNRHhMpFRIYTDWjgVBTMIIDLTCC
ApagAwIBAgIBADANBgkqhkiG9w0BAQQFADCB0TELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rl
cm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMRowGAYDVQQKExFUaGF3dGUgQ29uc3VsdGluZzEo
MCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEkMCIGA1UEAxMbVGhhd3Rl
IFBlcnNvbmFsIEZyZWVtYWlsIENBMSswKQYJKoZIhvcNAQkBFhxwZXJzb25hbC1mcmVlbWFpbEB0
aGF3dGUuY29tMB4XDTk2MDEwMTAwMDAwMFoXDTIwMTIzMTIzNTk1OVowgdExCzAJBgNVBAYTAlpB
MRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEaMBgGA1UEChMRVGhh
d3RlIENvbnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2aXNpb24x
JDAiBgNVBAMTG1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBDQTErMCkGCSqGSIb3DQEJARYccGVy
c29uYWwtZnJlZW1haWxAdGhhd3RlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1GnX
1LCUZFtx6UfYDFG26nKRsIRefS0Nj3sS34UldSh0OkIsYyeflXtL734Zhx2G6qPduc6WZBrCFG5E
rHzmj+hND3EfQDimAKOHePb5lIZererAXnbr2RSjXW56fAylS1V/Bhkpf56aJtVquzgkCGqYx7Ha
o5iR/Xnb5VrEHLkCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQDH
7JJ+Tvj1lqVnYiqk8E0RYNBvjWBYYawmu1I1XAjPMPuoSpaKH2JCI4wXD/S6ZJwXrEcp352YXtJs
YHFcoqzceePnbgBHH7UNKOgCneSa/RP0ptl8sfjcXyMmCZGAc9AUG95DqYMl8uacLxXK/qarigd1
iwzdUYRr5PjRzneigTCCAz8wggKooAMCAQICAQ0wDQYJKoZIhvcNAQEFBQAwgdExCzAJBgNVBAYT
AlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEaMBgGA1UEChMR
VGhhd3RlIENvbnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2aXNp
b24xJDAiBgNVBAMTG1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBDQTErMCkGCSqGSIb3DQEJARYc
cGVyc29uYWwtZnJlZW1haWxAdGhhd3RlLmNvbTAeFw0wMzA3MTcwMDAwMDBaFw0xMzA3MTYyMzU5
NTlaMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQu
MSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQTCBnzANBgkqhkiG
9w0BAQEFAAOBjQAwgYkCgYEAxKY8VXNV+065yplaHmjAdQRwnd/p/6Me7L3N9VvyGna9fww6YfK/
Uc4B1OVQCjDXAmNaLIkVcI7dyfArhVqqP3FWy688Cwfn8R+RNiQqE88r1fOCdz0Dviv+uxg+B79A
gAJk16emu59l0cUqVIUPSAR/p7bRPGEEQB5kGXJgt/sCAwEAAaOBlDCBkTASBgNVHRMBAf8ECDAG
AQH/AgEAMEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwudGhhd3RlLmNvbS9UaGF3dGVQZXJz
b25hbEZyZWVtYWlsQ0EuY3JsMAsGA1UdDwQEAwIBBjApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMR
UHJpdmF0ZUxhYmVsMi0xMzgwDQYJKoZIhvcNAQEFBQADgYEASIzRUIPqCy7MDaNmrGcPf6+svsIX
oUOWlJ1/TCG4+DYfqi2fNi/A9BxQIJNwPP2t4WFiw9k6GX6EsZkbAMUaC4J0niVQlGLH2ydxVyWN
3amcOY6MIE9lX5Xa9/eH1sYITq726jTlEBpbNU1341YheILcIRk13iSx0x1G/11fZU8xggLPMIIC
ywIBATBpMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBM
dGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQQIDDFfXMAkG
BSsOAwIaBQCgggG8MBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTA0
MDcyMzE3MzYxN1owIwYJKoZIhvcNAQkEMRYEFBh7xYgCBx+T+/K4D1HQ7iMqAn2nMGcGCSqGSIb3
DQEJDzFaMFgwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsO
AwIHMA0GCCqGSIb3DQMCAgEoMAcGBSsOAwIaMAoGCCqGSIb3DQIFMHgGCSsGAQQBgjcQBDFrMGkw
YjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAq
BgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBAgMMV9cwegYLKoZIhvcN
AQkQAgsxa6BpMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5
KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQQIDDFfX
MA0GCSqGSIb3DQEBAQUABIGAQryuG4+izcQqzm/8KkYUdjc/8V2/zURDXtURelNuwEi6r7DWn4PS
MMjgcJwhekk2A5CH2yhY1MTtJ/yrBDEYwin4b8RIJVpA+f61PaekQczsZ2myY6tClz2fa7F/hXn9
WrW9B+JhUVxyctapYMLwirDtzJU/jOMQ4beEPcD97WoAAAAAAAA=
------=_NextPart_000_0182_01C470A9.4482C020--