MonoRail

NVelocity and XSS

NVelocity is a view engine for MonoRail. It’s quite handy and it’s not difficult to deliver such views.

One of the flaws I can name is security. By default there’s not much support for security. For instance, it’s possible to perform XSS (cross-site scripting) attacks by providing XHTML or JavaScript code.

I spent some time googling for …

MonoRail – RenderMailMessage – System.ArgumentNullException: Value cannot be null. Parameter name: format

This was a nasty issue…

System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.ArgumentNullException: Value cannot be null.
Parameter name: format
   at System.String.Format(IFormatProvider provider, String format, Object[] args)
   at System.String.Format(String format, Object arg0, Object arg1)
   --- End of inner exception stack trace ---

Background

This is part of the stack trace I got in one of …