NVelocity and XSS
NVelocity is a view engine for MonoRail. It’s quite handy and it’s not difficult to deliver such views.
One of the flows I can name can be the security issues. By default there’s not much support for security. For instance it’s possible to perform XSS (Cross-site scripting) attacks by providing XHTML or JavaScript code.
I spent some time googleing for …
adminMonoRail – RenderMailMessage – System.ArgumentNullException: Value cannot be null. Parameter name: format
This was a nasty issue…
System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.ArgumentNullException: Value cannot be null. Parameter name: format at System.String.Format(IFormatProvider provider, String format, Object[] args) at System.String.Format(String format, Object arg0, Object arg1) --- End of inner exception stack trace ---
Background
This is part of the stack trace I got in one of …