<clear> Element for schemeSettings (Uri Settings)

.NET Framework (current version)
 

Clears all existing scheme settings.

<configuration>
<uri>
<schemeSettings>
<clear>

  
<clear/>  
  

The following sections describe attributes, child elements, and parent elements.

Attributes

None.

Child Elements

None.

Parent Elements

ElementDescription
<schemeSettings> Element (Uri Settings)Specifies how a Uri will be parsed for specific schemes.

By default, the System.Uri class un-escapes percent encoded path delimiters before executing path compression. This was implemented as a security mechanism against attacks like the following:

http://www.contoso.com/..%2F..%2F/Windows/System32/cmd.exe?/c+dir+c:\

If this URI gets passed down to modules not handling percent encoded characters correctly, it could result in the following command being executed by the server:

c:\Windows\System32\cmd.exe /c dir c:\

For this reason, System.Uri class first un-escapes path delimiters and then applies path compression. The result of passing the malicious URL above to System.Uri class constructor results in the following URI:

http://www.microsoft.com/Windows/System32/cmd.exe?/c+dir+c:\

This default behavior can be modified to not un-escape percent encoded path delimiters using the schemeSettings configuration option for a specific scheme.

This element can be used in the application configuration file or the machine configuration file (Machine.config).

The following code example shows a configuration used by the Uri class that clears all scheme settings and then adds support for not escaping percent-encoded path delimiters for the http scheme.

<configuration>  
  <uri>  
    <schemeSettings>  
      <clear/>  
      <add name="http" genericUriParserOptions="DontUnescapePathDotsAndSlashes"/>  
    </schemeSettings>  
  </uri>  
</configuration>  

System.Configuration.SchemeSettingElement
System.Configuration.SchemeSettingElementCollection
System.Configuration.UriSection
UriSection.SchemeSettings
System.GenericUriParserOptions
System.Uri
Network Settings Schema

Show: