You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Sep 18, 2021. It is now read-only.
Our usernames are in UPN format, that is [email protected]. If authentication fails, the user is shown the login form again with the username that he just entered. The "@" in the username then shows up as "\x40" however (user\x40domain.com).
This is due to a change in 7c8d92e that adds encoding of special characters in the username. Any encoding that is performed here is however encoded again in DefaultViewService.cs in BuildModel by SerializeObject. This causes the username to show up as user\x40domain.com.
I believe the fix is to just remove the javascript encoding introduced in 7c8d92e: any dangerous content in the username should get encoded by SerializeObject later on.
The text was updated successfully, but these errors were encountered:
I was just about to write a question like this!
I use MVC to write out a completely custom IViewService and that JavaScript encoding as mentioned by vanderkleij is getting that exact same @ => \x40 character.
If something down the road needs this encoding in the default IViewService, is there someway we can choose to encode or not? Perhaps in the IViewService
I have downloaded MyGet build 10149 and the @ remains an @ after a failed login as desired. For now though, I'll be sticking to the mainstream Nuget build. Thank you.
Our usernames are in UPN format, that is [email protected]. If authentication fails, the user is shown the login form again with the username that he just entered. The "@" in the username then shows up as "\x40" however (user\x40domain.com).
This is due to a change in 7c8d92e that adds encoding of special characters in the username. Any encoding that is performed here is however encoded again in DefaultViewService.cs in BuildModel by SerializeObject. This causes the username to show up as user\x40domain.com.
I believe the fix is to just remove the javascript encoding introduced in 7c8d92e: any dangerous content in the username should get encoded by SerializeObject later on.
The text was updated successfully, but these errors were encountered: