Bug 20963 - Input from a widget's Identity Name and Class should be sanitized
Summary: Input from a widget's Identity Name and Class should be sanitized
Status: CONFIRMED
Alias: None
Product: Visual Studio Extensions
Classification: Xamarin
Component: iOS Designer ()
Version: 3.1
Hardware: PC Windows
: Normal normal
Target Milestone: ---
Assignee: Bugzilla
URL:
: 33129 ()
Depends on:
Blocks:
 
Reported: 2014-06-27 22:58 UTC by vga
Modified: 2017-08-28 15:00 UTC (History)
9 users (show)

Tags: NotRegression ac vs vsmac Proppy
Is this bug a regression?: ---
Last known good build:

Notice (2018-05-24): bugzilla.xamarin.com is now in read-only mode.

Please join us on Visual Studio Developer Community and in the Xamarin and Mono organizations on GitHub to continue tracking issues. Bugzilla will remain available for reference in read-only mode. We will continue to work on open Bugzilla bugs, copy them to the new locations as needed for follow-up, and add the new items under Related Links.

Our sincere thanks to everyone who has contributed on this bug tracker over the years. Thanks also for your understanding as we make these adjustments and improvements for the future.


Please create a new report for Bug 20963 on Developer Community if you have new information to add and do not yet see a matching new report.

If the latest results still closely match this report, you can use the original description:

  • Export the original title and description: Developer Community HTML
  • Copy the title and description into the new report. Adjust them to be up-to-date if needed.
  • Add your new information.
Related Links:
Status:
CONFIRMED

Description vga 2014-06-27 22:58:58 UTC
The values for a widget's Identity "Name" and "Class" that a user may enter using the Properties window should only allow for valid file names, class names and property names.

For example if you enter today "1Foo" in the "Class" field, you get no warning by the Properties window that this value is invalid and you should change it.

The designer will allow this "1Foo" value to be entered and will end up generating code (a class in this case) that won't compile.

Visual Studio users are used to get an error dialog as soon as their enter an invalid value for a property value. This is usually implemented by using TypeConverters that check the entered data.
Comment 1 Prashant manu 2014-06-30 02:14:30 UTC
On entering "1Foo" in the "Class" field, no warning is shown by the Properties window that this value is invalid.
Screencast: http://screencast.com/t/6HZcZ9MgoWt

Environment Info:
All VS
Xamarin 3.1.215.0 (09870684ffab6d8697b491503867808b567b4021)
XI 7.2.5.4
Comment 2 Alex Corrado [MSFT] 2015-08-15 12:27:42 UTC
*** Bug 33129 has been marked as a duplicate of this bug. ***
Comment 3 Adam Patridge [MSFT] 2016-08-05 18:46:34 UTC
In a derivative form of this, I was able to create a Class with a line break in it. Originally, it happened from some sort of delay with the Designer reloading, but you can reproduce it by copying text with line breaks from a text editor into the Class property field.

Xamarin Studio successfully created files with line breaks in them on the Mac. If the line break is at the end of the class name, even the generated C# file is valid. (If not, you split the class name and it won't build as above.) When that resulting project is loaded on Visual Studio, it will crash when you try to see the files in the Solution Explorer.