Gustaf wrote:
Jon Skeet [C# MVP] wrote:
>The problem is that the second character of the message is a carriage
return.
Thank you both. So Message strings of .NET exception classes may contain
whitespace other than SPACE?
As it was a carriage return that was the unexpected token, that's what's
put in the error message. In escaped form, the error message would start:
'\r' is an unexpected token.
As you have that character in the input to the method, it might end up
in the exception message.
Does it mean it's generally good practice
to normalize these strings before presenting them?
You might want to do that.
In certain situations, like if you output the message on a web page,
it's crucial for security that you don't display the message without
encoding it properly, otherwise it could be used for cross site
scripting (XSS) atacks.
--
Göran Andersson
_____
http://www.guffa.com