3

Consider the following line of code:

string _decoded = System.Web.HttpUtility.UrlDecode(
  "There%20should%20be%20text%20after%20this%0022help!");

The encoded line 

"There%20should%20be%20text%20after%20this%0022help!"

when decoded via the website urldecoder.org produces

"There should be text after this22help!"

however the value of _decoded as displayed in the debugger is: Figure 1: Debugger view of problem

What could be causing this problem? Is there a setting or special encoding that will circumvent this in all cases?

EDIT: Yes, I consider this behavior to be an error. I don't want URLDecode to introduce the \0 char to the resultant string, because it would result in an invalid file name (my code is moving around files).

user77232
  • 203
  • 3
  • 10

1 Answers1

5

There is a null byte (\0 = %00) after this so the debugger doesn't show the rest of the string.

So the decoded value is correct, it's just the limitation (or bug?) of the debugger.

You can take a look at here for more info about null byte from security perspective. And there is this question posted about it as well.

Selman Genç
  • 100,147
  • 13
  • 119
  • 184
  • 1
    But `_decoded` is really `"There should be text after this" + "\0" + "22help!"` as expected, so the bug is not in the `UrlDecode` method. – Jeppe Stig Nielsen Aug 14 '18 at 14:33
  • Note that the string containing `\0` looks good in the debug windows Watch, Locals, Immediate etc. But when you click the little magnifying glass icon and get to "Text Visualizer", the problem occurs, as seen in akser's figure. – Jeppe Stig Nielsen Aug 14 '18 at 14:42