Trouble with .Net mangling claimed_id URLs in discovery
Peter Watkins
peterw at tux.org
Sat Mar 27 21:52:29 UTC 2010
John Bradley wrote:
> It is a problem that may exist in more than one RP, so we should test
> for it.
>
> RP with issues will have to decide what they do about those problem
> Yahoo accounts.
>
> I am not saying Yahoo has done anything wrong, but we have an interop
> issue non the less.
>
> I don't think there is anything you can do at this point.
I think it's sad that nobody thinks we could convince Microsoft to
change the behavior of .Net. As it stands, System.Uri in .Net is
mangling URLs on the *client* side, apparently to help protect
*servers* that might still be vulnerable to a flaw like
http://www.microsoft.com/technet/security/bulletin/fq00-019.mspx
which, by the way, turns 10 years old this week.
Anybody from the .Net team at MSFT want to chime in?
ISTM at the very least MSFT should release official patches (even if
they're hotfixes that must be manually obtained) for .Net 2.0 and 3.5
(lots of us still run primarily 2.0) to provide something like a
DoNotSimplifyPath property for a UriBuilder object so that code like
Andrew's would be able to work reliably.
-Peter
More information about the specs
mailing list