This seriously belongs here...
-
string isValidArticle(string article) - The Daily WTF[^] A Zero-Day exploit in the .NET framework through the WSDL parser. :wtf:
What do you get when you cross a joke with a rhetorical question? The metaphorical solid rear-end expulsions have impacted the metaphorical motorized bladed rotating air movement mechanism. Do questions with multiple question marks annoy you???
-
string isValidArticle(string article) - The Daily WTF[^] A Zero-Day exploit in the .NET framework through the WSDL parser. :wtf:
What do you get when you cross a joke with a rhetorical question? The metaphorical solid rear-end expulsions have impacted the metaphorical motorized bladed rotating air movement mechanism. Do questions with multiple question marks annoy you???
We need a new icon for "coding horror". Perhaps a WTF with its hair standing on end?
If you have an important point to make, don't try to be subtle or clever. Use a pile driver. Hit the point once. Then come back and hit it again. Then hit it a third time - a tremendous whack. --Winston Churchill
-
string isValidArticle(string article) - The Daily WTF[^] A Zero-Day exploit in the .NET framework through the WSDL parser. :wtf:
What do you get when you cross a joke with a rhetorical question? The metaphorical solid rear-end expulsions have impacted the metaphorical motorized bladed rotating air movement mechanism. Do questions with multiple question marks annoy you???
I've always had this standard of code that I thought was "Microsoft quality". Granted, given the number of bugs and "features over fix" commonly found in Microsoft products, this bar was not set high. This ... "sample", for lack of a sufficiently derogatory term, just jumps on that bar and smashes it into the ground. How the :elephant: that code ever made it past review, let alone testing, is beyond my too-early-in-the-morning-on-a-weekend comprehension.
System.ItDidntWorkException: Something didn't work as expected. A guide to posting questions on CodeProject
Click this: Asking questions is a skill. Seriously, do it.
Dave Kreskowiak -
string isValidArticle(string article) - The Daily WTF[^] A Zero-Day exploit in the .NET framework through the WSDL parser. :wtf:
What do you get when you cross a joke with a rhetorical question? The metaphorical solid rear-end expulsions have impacted the metaphorical motorized bladed rotating air movement mechanism. Do questions with multiple question marks annoy you???
It's a shame the article doesn't quite explain the problem properly. The code is generating a verbatim string literal, so newlines in the string don't need to be encoded or escaped. Source:
This is a perfectly valid
verbatim string literal
across multiple lines.Output:
string foo = @"This is a perfectly valid
verbatim string literal
across multiple lines.";Unfortunately, that string literal ends up being placed in a single-line comment, which only comments out the first line. :doh: Source:
This is a commented-out verbatim string literal.
System.Diagnostics.Process.Start("evil-code.exe");
//Output:
// string foo = @"This is a commented-out verbatim string literal.
System.Diagnostics.Process.Start("evil-code.exe");
// ";
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
-
string isValidArticle(string article) - The Daily WTF[^] A Zero-Day exploit in the .NET framework through the WSDL parser. :wtf:
What do you get when you cross a joke with a rhetorical question? The metaphorical solid rear-end expulsions have impacted the metaphorical motorized bladed rotating air movement mechanism. Do questions with multiple question marks annoy you???
-
string isValidArticle(string article) - The Daily WTF[^] A Zero-Day exploit in the .NET framework through the WSDL parser. :wtf:
What do you get when you cross a joke with a rhetorical question? The metaphorical solid rear-end expulsions have impacted the metaphorical motorized bladed rotating air movement mechanism. Do questions with multiple question marks annoy you???
Good find by the hackers, just reading the code made me really cringe, mainly because I'm nowhere near awake enough to parse it correctly. Whether it's a gross missnaming or the devs not checking what
isValidURL()actually validates one can be certain oversights were made. I'm in the middle of refactoring some css to make it clear and this article is yet another validation to striving to name things to the best of ones ability. My issue is naturally trivial in comparison and there is zero possibility of failing in such an impactful way, but clear code speaks for itself. -
string isValidArticle(string article) - The Daily WTF[^] A Zero-Day exploit in the .NET framework through the WSDL parser. :wtf:
What do you get when you cross a joke with a rhetorical question? The metaphorical solid rear-end expulsions have impacted the metaphorical motorized bladed rotating air movement mechanism. Do questions with multiple question marks annoy you???
Apart from being badly named and using a global static that code is not too bad. The code that is the real hair-raiser is the code that assumes it is safe to comment it out using a single line comment.
-
Apart from being badly named and using a global static that code is not too bad. The code that is the real hair-raiser is the code that assumes it is safe to comment it out using a single line comment.
