[release/10.0.1xx] URL-encode scoped CSS Link headers for non-ASCII project names#51039
Merged
lewing merged 7 commits intorelease/10.0.1xxfrom Oct 2, 2025
Merged
Conversation
Copilot
AI
changed the title
[WIP] [ASP.NET] Scoped CSS should URL encode the link header
Fix scoped CSS URL encoding for non-ASCII project names
Sep 27, 2025
javiercn
reviewed
Sep 27, 2025
src/StaticWebAssetsSdk/Targets/Microsoft.NET.Sdk.StaticWebAssets.ScopedCss.targets
Outdated
Show resolved
Hide resolved
test/Microsoft.NET.Sdk.StaticWebAssets.Tests/JsModulesIntegrationTest.cs
Show resolved
Hide resolved
test/Microsoft.NET.Sdk.StaticWebAssets.Tests/LegacyStaticWebAssetsV1IntegrationTest.cs
Show resolved
Hide resolved
test/Microsoft.NET.Sdk.StaticWebAssets.Tests/StaticWebAssetEndpointsIntegrationTest.cs
Show resolved
Hide resolved
test/Microsoft.NET.Sdk.StaticWebAssets.Tests/StaticWebAssetsBaselineFactory.cs
Show resolved
Hide resolved
test/Microsoft.NET.Sdk.StaticWebAssets.Tests/StaticWebAssetsCompressionIntegrationTest.cs
Show resolved
Hide resolved
test/Microsoft.NET.Sdk.StaticWebAssets.Tests/StaticWebAssetsFingerprintingTest.cs
Show resolved
Hide resolved
test/Microsoft.NET.Sdk.StaticWebAssets.Tests/StaticWebAssetsIntegrationTest.cs
Show resolved
Hide resolved
test/Microsoft.NET.Sdk.StaticWebAssets.Tests/ScopedCssIntegrationTests.cs
Show resolved
Hide resolved
Contributor
Author
Addressed feedback in commit 9e13d45:
|
src/StaticWebAssetsSdk/Targets/Microsoft.NET.Sdk.StaticWebAssets.ScopedCss.targets
Outdated
Show resolved
Hide resolved
This was referenced Sep 27, 2025
javiercn
reviewed
Sep 27, 2025
Member
|
There seems to be this unrelated test failure that seems to be failing pretty consistently Microsoft.NET.Publish.Tests.GivenThatWeWantToPublishAnAotApp.Microsoft.NET.Publish.Tests.GivenThatWeWantToPublishAnAotApp.NativeAot_hw_fails_with_unsupported_host_rid(targetFramework: "net10.0") |
ilonatommy
approved these changes
Sep 29, 2025
Member
ilonatommy
left a comment
ilonatommy
left a comment
There was a problem hiding this comment.
Tested with dogfood sdk script and blazor app.
maraf
approved these changes
Sep 29, 2025
javiercn
changed the title
Member
|
All failures are marked as known build errors but build analysis does not want to get green. |
Member
|
/ba-g build analysis should be green, all failures are known |
…ct names Co-authored-by: javiercn <6995051+javiercn@users.noreply.github.com>
Co-authored-by: javiercn <6995051+javiercn@users.noreply.github.com>
…er project structure Co-authored-by: javiercn <6995051+javiercn@users.noreply.github.com>
Co-authored-by: javiercn <6995051+javiercn@users.noreply.github.com>
javiercn
force-pushed
the
copilot/fix-43cc9698-4150-4c8c-a307-ed00dbbcd48e
branch
from
69393b7 to
95dcef5
Compare
lewing
changed the title
lewing
approved these changes
Oct 1, 2025
Member
|
approved in email |
tarekgh
reviewed
Oct 1, 2025
tarekgh
reviewed
Oct 1, 2025
| { | ||
| var index = header.IndexOf('<'); | ||
| if (index == -1) | ||
| { |
Member
There was a problem hiding this comment.
nit, better to make this index < 0
tarekgh
reviewed
Oct 1, 2025
| index++; | ||
| var endIndex = header.IndexOf('>', index); | ||
| if (endIndex == -1) | ||
| { |
YuliiaKovalova
pushed a commit
to dotnet/msbuild
that referenced
this pull request
Nov 20, 2025
…st (#12572) Resolves #12571 This PR adds `System.Uri::EscapeDataString` (and `UnescapeDataString`) to the MSBuild property function allowlist, enabling developers to properly escape URI components in MSBuild projects without needing to resort to workarounds with `UriBuilder.Path`. ## Problem Previously, developers who needed to URL-encode strings in MSBuild had to use workarounds like manipulating `UriBuilder.Path`, which is not semantically correct and error-prone. The `System.Uri::EscapeDataString` method is the standard .NET approach for encoding URI data components. ## Solution Added `System.Uri` to the `AvailableStaticMethods` allowlist in `Constants.cs`, which enables all static methods on the `System.Uri` class including `EscapeDataString` and `UnescapeDataString`. ## Usage ```xml <PropertyGroup> <QueryParam>hello world & test=123</QueryParam> <EscapedParam>$([System.Uri]::EscapeDataString($(QueryParam)))</EscapedParam> <!-- Result: hello%20world%20%26%20test%3D123 --> </PropertyGroup> ``` ## Safety `System.Uri::EscapeDataString` is a pure function with no side effects, making it completely safe for use during project evaluation. It follows the same security model as other allowed static methods like `System.String` and `System.Convert`. ## Testing - Added comprehensive unit test verifying the functionality works correctly - Verified round-trip encoding/decoding with various input types - Confirmed all existing tests continue to pass (27/27 intrinsic function tests) - Validated that existing `UriBuilder` functionality remains unaffected This change provides a clean, semantically correct way to handle URI encoding in MSBuild without breaking any existing functionality. <!-- START COPILOT CODING AGENT SUFFIX --> <details> <summary>Original prompt</summary> > > ---- > > *This section details on the original issue you should resolve* > > <issue_title>Instead of hacking with UriBuilder.Path, I think it would be better to add `[System.Uri]::EscapeDataString` to the allowlist at the MSBuild side.</issue_title> > <issue_description>Instead of hacking with UriBuilder.Path, I think it would be better to add `[System.Uri]::EscapeDataString` to the allowlist at the MSBuild side. > > _Originally posted by @KalleOlaviNiemitalo in dotnet/sdk#51039 (comment) > > We should allow this method on the set of known functions. It's available across framework and modern .NET. </issue_description> > > ## Comments on the Issue (you are @copilot in this section) > > <comments> > </comments> > </details> Fixes #12571 <!-- START COPILOT CODING AGENT TIPS --> --- 💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more [Copilot coding agent tips](https://gh.io/copilot-coding-agent-tips) in the docs. --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: baronfel <573979+baronfel@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
URL-encode scoped CSS Link headers for non-ASCII project names
Description
Blazor apps with non-ASCII project names (e.g. 中文) failed at runtime due to raw non-ASCII characters in generated Link headers for scoped CSS bundles.
Fixes #51038
Customer Impact
This is required to be compliant with GB18030 and deal with cases where project names use non-ascii characters.
Regression?
9.0
Risk
Updates the manifest generation logic to ensure we URL encode path segments on the Link header. No other header that we emit needs this treatment.
Verification
Packaging changes reviewed?