Delen via


<schemeSettings> Element (Uri Settings)

Specifies how a Uri will be parsed for specific schemes.

<configuration> Element
  <uri> Element (Uri Settings)
    <schemeSettings> Element (Uri Settings)

<schemeSettings> 
</schemeSettings>

Attributes and Elements

The following sections describe attributes, child elements, and parent elements.

Attributes

None

Child Elements

Element

Description

<add>

Adds a scheme setting for a scheme name.

<clear>

Clears all existing scheme settings.

<remove>

Removes a scheme setting for a scheme name.

Parent Elements

Element

Description

<uri>

Contains settings that specify how the .NET Framework handles web addresses expressed using uniform resource identifiers (URIs).

Remarks

By default, the System.Uri class un-escapes percent encoded path delimiters before executing path compression. This was implemented as a security mechanism against attacks like the following:

https://www.contoso.com/..%2F..%2F/Windows/System32/cmd.exe?/c+dir+c:\\

If this URI gets passed down to modules not handling percent encoded characters correctly, it could result in the following command being executed by the server:

c:\Windows\System32\cmd.exe /c dir c:\

For this reason, System.Uri class first un-escapes path delimiters and then applies path compression. The result of passing the malicious URL above to System.Uri class constructor results in the following URI:

https://www.microsoft.com/Windows/System32/cmd.exe?/c+dir+c:\\

This default behavior can be modified to not un-escape percent encoded path delimiters using the schemeSettings configuration option for a specific scheme.

Configuration Files

This element can be used in the application configuration file or the machine configuration file (Machine.config).

Example

The following code example shows a configuration used by the Uri class to support not escaping percent-encoded path delimiters for the http scheme.

<configuration>
  <uri>
    <schemeSettings>
      <add name="http" genericUriParserOptions="DontUnescapePathDotsAndSlashes"/>
    </schemeSettings>
  </uri>
</configuration>

Element Information

Namespace

System

Schema Name

Validation File

Can be Empty

See Also

Reference

Network Settings Schema

System.Configuration.SchemeSettingElement

System.Configuration.SchemeSettingElementCollection

System.Configuration.UriSection

UriSection.SchemeSettings

System.GenericUriParserOptions

System.Uri