Different Behaviors of DownloadString and Uri between .NET and Mono

Note: This is the summary of my posts (they are written in Japanese): tkbctf3 Miocat MonoのWebClientにおけるURI 結局Monoと.NETの挙動の違いはなんだったのか I already reported this as a bug for Xamarin’s Bugzilla. Introduction I found the different behavior of WebClient.DownloadString(String) between Mono and .NET Framework when an invalid URI passed to it. In the Mono’s implementation, it may cause a security issue. This causes by two different behaviors, in new Uri(String), and Path.GetFullPath(String). DownloadString DownloadString(String) and some methods (e.g. DownloadFile(String), OpenRead(String), etc.) calls CreateUri(String), a private method of WebClient. (-> source code on github) CreateUri and GetUri CreateUri(String) tries to make


続・アレな文字をWebClient.DownloadString(String)に渡すとローカルのファイルが読める ここ2つの記事でMonoのWebClient.DownloadString(string)にアレな文字列渡すとローカルファイルを落としてきてしまうという挙動について調