We recommend using Visual Studio 2017

Uri return values should not be strings







Breaking Change


The name of a method contains "uri", "Uri", "urn", "Urn", "url", or "Url", and the method returns a string.

This rule splits the method name into tokens based on the Pascal casing convention and checks whether each token equals "uri", "Uri", "urn", "Urn", "url", or "Url". If there is a match, the rule assumes that the method returns a uniform resource identifier (URI). A string representation of a URI is prone to parsing and encoding errors, and can lead to security vulnerabilities. The System.Uri class provides these services in a safe and secure manner.

To fix a violation of this rule, change the return type to a Uri.

It is safe to exclude a warning from this rule if the return value does not represent a URI.

The following example shows a type, ErrorProne, that violates this rule, and a type, SaferWay, that satisfies the rule.

#using <system.dll>
using namespace System;

namespace DesignLibrary
   public ref class ErrorProne
      // Violates rule UriPropertiesShouldNotBeStrings.
      property String^ SomeUri;

      // Violates rule UriParametersShouldNotBeStrings.
      void AddToHistory(String^ uriString) { }

      // Violates rule UriReturnValuesShouldNotBeStrings.
      String^ GetRefererUri(String^ httpHeader)
         return "http://www.adventure-works.com";

   public ref class SaferWay
      // To retrieve a string, call SomeUri()->ToString().
      // To set using a string, call SomeUri(gcnew Uri(string)).
      property Uri^ SomeUri;

      void AddToHistory(String^ uriString)
         // Check for UriFormatException.
         AddToHistory(gcnew Uri(uriString));

      void AddToHistory(Uri^ uriType) { }

      Uri^ GetRefererUri(String^ httpHeader)
         return gcnew Uri("http://www.adventure-works.com");

Community Additions