Invalid Char in html

Feb 13, 2011 at 5:44 PM

Hi,

I prefer to open a new subject about that problem :

It seems there is an invalid(null?) char generated inside the html code.

If you try to show the source code of a website that containing the menu provider (inside IE,FF,Opera ...), the source code is cut just after the menu.

 

You can reproduce it by this way, go to http://dnn-menu.com/superfish/Home.aspx, use showsource and you will see half of the source code of the page.

 

I try to debug the source code by adding renderedMenu var(MenuSkinObject.vb->Protected Overrides Sub Render(ByVal writer As System.Web.UI.HtmlTextWriter)) to the eventlog but there is an error :

Error '.', hexadecimal value 0x00, is an invalid character.

I cannot find out exactly where the char is generated. It seems some chars are added without testing if the original string is empty or not ( ie: elementTemplateDefinition(currentDepth).Append(currentTemplateStructure(0))) but even with adding a test strin.isnullorempty I still have the problem.

 

Could you check this part of code?

 

Regards,

 

JB

Coordinator
Feb 15, 2011 at 10:39 PM

Hello jbval,

this seems to be a problem/exploit in the source code viewer of IE and Opera (http://www.exploit-db.com/exploits/12156/).

I have just fixed this issue by parsing out all null control characters. This will be part of our next release.

Thanks for your research and feedback!


Greets,

Alex

Feb 16, 2011 at 7:51 AM

Hello,

 

thanks for your detailed answer. I saw the problem when I tried to validate my website on w3 validator which send me an error.

No problem for the research even if I don't found the exact source of the problem ;)

I hope my messages can help and not only flooding the forum :p

JB