You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: xml/System.Net.Http.Headers/HttpHeaders.xml
+41-3Lines changed: 41 additions & 3 deletions
Original file line number
Diff line number
Diff line change
@@ -596,7 +596,7 @@ This member is an explicit interface member implementation. It can be used only
596
596
<AssemblyVersion>4.2.0.0</AssemblyVersion>
597
597
</AssemblyInfo>
598
598
<Docs>
599
-
<summary>Returns a value that indicates whether a new header and its values were added to the <seecref="T:System.Net.Http.Headers.HttpHeaders" /> collection without validating the provided information.</summary>
599
+
<summary>Returns a value that indicates whether a new header and its values were added to the <seecref="T:System.Net.Http.Headers.HttpHeaders" /> collection without validating the header values.</summary>
600
600
</Docs>
601
601
</MemberGroup>
602
602
<MemberMemberName="TryAddWithoutValidation">
@@ -649,7 +649,26 @@ This member is an explicit interface member implementation. It can be used only
649
649
<summary>Returns a value that indicates whether the specified header and its values were added to the <seecref="T:System.Net.Http.Headers.HttpHeaders" /> collection without validating the provided information.</summary>
650
650
<returns>
651
651
<seelangword="true" /> if the specified header <paramrefname="name" /> and <paramrefname="values" /> could be added to the collection; otherwise <seelangword="false" />.</returns>
652
-
<remarks>To be added.</remarks>
652
+
<remarks>
653
+
<formattype="text/markdown"><'s definition. Non-ASCII characters aren't allowed in a header name.
658
+
659
+
This method doesn't perform any header value validation. Values added via this method are assumed to be trusted, and other application logic, such as <xref:System.Net.Http.HttpClient>, might misbehave if they're not well formed.
660
+
661
+
Values added without validation might be observed when enumerating the collection or querying for the specific header name, even when the caller isn't using the <xref:System.Net.Http.Headers.HttpHeaders.NonValidated> view of the collection.
662
+
663
+
> [!CAUTION]
664
+
> This method must never be used with untrusted values, unless they were otherwise sufficiently validated.
665
+
>
666
+
> What constitutes "sufficient" validation can vary by use case. At a minimum, prohibit newline characters for protocol correctness, for example, `if (value.ContainsAny('\r', '\n', '\0')) throw ...`. This validation should ensure that the server application sees values in the same way as the client application, with the server now being responsible for properly sanitizing its own inputs.
667
+
>
668
+
> To guard against attacks such as request smuggling, callers are highly encouraged to validate that these values don't contain newline characters.
669
+
670
+
]]></format>
671
+
</remarks>
653
672
</Docs>
654
673
</Member>
655
674
<MemberMemberName="TryAddWithoutValidation">
@@ -702,7 +721,26 @@ This member is an explicit interface member implementation. It can be used only
702
721
<summary>Returns a value that indicates whether the specified header and its value were added to the <seecref="T:System.Net.Http.Headers.HttpHeaders" /> collection without validating the provided information.</summary>
703
722
<returns>
704
723
<seelangword="true" /> if the specified header <paramrefname="name" /> and <paramrefname="value" /> could be added to the collection; otherwise <seelangword="false" />.</returns>
705
-
<remarks>To be added.</remarks>
724
+
<remarks>
725
+
<formattype="text/markdown"><'s definition. Non-ASCII characters aren't allowed in a header name.
730
+
731
+
This method doesn't perform any header value validation. Values added via this method are assumed to be trusted, and other application logic, such as <xref:System.Net.Http.HttpClient>, might misbehave if they're not well formed.
732
+
733
+
Values added without validation might be observed when enumerating the collection or querying for the specific header name, even when the caller isn't using the <xref:System.Net.Http.Headers.HttpHeaders.NonValidated> view of the collection.
734
+
735
+
> [!CAUTION]
736
+
> This method must never be used with untrusted values, unless they were otherwise sufficiently validated.
737
+
>
738
+
> What constitutes "sufficient" validation can vary by use case. At a minimum, prohibit newline characters for protocol correctness, for example, `if (value.ContainsAny('\r', '\n', '\0')) throw ...`. This validation should ensure that the server application sees values in the same way as the client application, with the server now being responsible for properly sanitizing its own inputs.
739
+
>
740
+
> To guard against attacks such as request smuggling, callers are highly encouraged to validate that these values don't contain newline characters.
Copy file name to clipboardExpand all lines: xml/System.Net.Mail/MailAddress.xml
+2Lines changed: 2 additions & 0 deletions
Original file line number
Diff line number
Diff line change
@@ -265,6 +265,8 @@ If `displayName` contains non-ASCII characters, the iso-8859-1 character set is
265
265
266
266
If `address` contains a display name, and `displayName` is not `null` and is not equal to <xref:System.String.Empty?displayProperty=nameWithType>, `displayName` overrides the value specified in `address`.
267
267
268
+
The <xref:System.Net.Mail.MailAddress.%23ctor(System.String,System.String)> constructor does not check if the `displayName` parameter is valid. This method removes surrounding quotes not displayed by the <xref:System.Net.Mail.MailAddress.DisplayName> property. Quotes will be added before transmission. <xref:System.Text.Encoding.UTF8> encoding will be applied to the <xref:System.Net.Mail.MailAddress.DisplayName> property before transmission.
269
+
268
270
## Examples
269
271
270
272
The following code example uses this constructor to create <xref:System.Net.Mail.MailAddress> instances for the sender and recipient of an email message.
Copy file name to clipboardExpand all lines: xml/System/TimeZoneInfo.xml
+6-1Lines changed: 6 additions & 1 deletion
Original file line number
Diff line number
Diff line change
@@ -1892,7 +1892,12 @@
1892
1892
1893
1893
The `id` parameter must correspond exactly to the time zone's identifier in length, but not in case, for a successful match to occur; that is, the comparison of `id` with time zone identifiers is case-insensitive. If you want to retrieve time zone objects based on partial matches, you can write custom procedures that work with the read-only collection of <xref:System.TimeZoneInfo> objects returned by the <xref:System.TimeZoneInfo.GetSystemTimeZones%2A> method.
1894
1894
1895
-
On Windows systems, `FindSystemTimeZoneById` tries to match `id` to the subkey names of the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Time Zones branch of the registry. On Linux and macOS, it uses time zone information available in the [ICU Library](https://unicode-org.github.io/icu/userguide/datetime/timezone/). If the registry or the library does not have the information for the time zone you desire, you can create a particular time zone either by calling one of the overloads of the <xref:System.TimeZoneInfo.CreateCustomTimeZone%2A> method or by calling <xref:System.TimeZoneInfo.FromSerializedString%2A> to deserialize a <xref:System.TimeZoneInfo> object that represents the required time zone. However, time zones created by these method calls are not system-defined time and cannot be retrieved using the <xref:System.TimeZoneInfo.FindSystemTimeZoneById%2A> method. These custom time zones can be accessed only through the object reference returned by the <xref:System.TimeZoneInfo.CreateCustomTimeZone%2A> or <xref:System.TimeZoneInfo.FromSerializedString%2A> method call.
1895
+
On Windows systems, `FindSystemTimeZoneById` tries to match `id` to the subkey names of the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Time Zones branch of the registry.
1896
+
Starting with .NET 6, Windows systems also support IANA time zone identifiers (such as "America/Los_Angeles" or "Pacific/Auckland"), providing cross-platform time zone resolution. IANA IDs are supported on Windows only if NLS isn't enabled and globalization invariant mode isn't enabled.
1897
+
On Linux and macOS, it uses time zone information available in the [ICU Library](https://unicode-org.github.io/icu/userguide/datetime/timezone/).
1898
+
If the registry or the library does not have the information for the time zone you desire, you can create a particular time zone either by calling one of the overloads of the <xref:System.TimeZoneInfo.CreateCustomTimeZone%2A> method or by calling <xref:System.TimeZoneInfo.FromSerializedString%2A> to deserialize a <xref:System.TimeZoneInfo> object that represents the required time zone.
1899
+
However, time zones created by these method calls are not system-defined time and cannot be retrieved using the <xref:System.TimeZoneInfo.FindSystemTimeZoneById%2A> method.
1900
+
These custom time zones can be accessed only through the object reference returned by the <xref:System.TimeZoneInfo.CreateCustomTimeZone%2A> or <xref:System.TimeZoneInfo.FromSerializedString%2A> method call.
1896
1901
1897
1902
In .NET 7 and earlier versions, this method returns a new <xref:System.TimeZoneInfo> instance for each method call. This might impact performance in applications that call the `FindSystemTimeZoneById` method repeatedly with the same identifier. (In .NET 8 and later versions, this method always returns a cached <xref:System.TimeZoneInfo> instance.)
0 commit comments