2

Closed

Self Host application running on Non-Unicode OS can be easily broken by sending a header value with invalid character

description

See this,

http://forums.asp.net/t/1815019.aspx

The Web API application running as Self Host on Non-Unicode OS can be easily broken by sending a header value with invalid character.
Closed Jul 18, 2012 at 9:00 PM by hongyes

comments

HongmeiG wrote Jun 18, 2012 at 9:11 PM

Can you try to repro this?

imranbaloch wrote Jun 19, 2012 at 2:10 AM

Before submitting the I issue was successfully reproduced this. Here are the steps, Change the OS locale. In Windows 7, Region And language > Administrative > Change System Locale > Chinese Simplified(or other). Restart the system and run a self host application. Send a request from fiddler with this header,

User-Agent: 大彩�? 1.0 ipod touch;iphone os 5.0.1;zh-cn

yaohuang wrote Jun 20, 2012 at 10:11 PM

Fixed with this checkin: http://aspnetwebstack.codeplex.com/SourceControl/changeset/changes/de16aded54ab

hongyes wrote Jul 18, 2012 at 9:00 PM

Verify in invalid unicode characters in different places include, URL, headers and body. The issue doesn't repro anymore after the fix.

Sign in to add a comment