Vulnerability in EPiServer.Forms
I have a truly bizarre problem. I have a page template with a custom control on it. When it renders in Edit Mode, all is well. However, when it renders in View Mode (so, when I click the "eyeball" icon in the top left of Edit Mode), it throws this error:
[UriFormatException: Invalid URI: The hostname could not be parsed.]
at System.Uri.CreateThis(String uri, Boolean dontEscape, UriKind uriKind)
at EPiServer.UrlBuilder..ctor(UrlBuilder url)
at EPiServer.Web.FriendlyUrlRewriteProvider.ConvertToInternal(UrlBuilder url, Object& internalObject)
at EPiServer.Web.UrlRewriteModule.HttpUrlRewriteToInternal(UrlBuilder url)
at EPiServer.Web.UrlRewriteModuleBase.BeginRequestEventHandler(Object sender, EventArgs e)
Now, I'm deeply confused about this, because I can't see how the server knows that the page is being requested from Edit or View Mode, so how can it consistently throw this error in one mode or the other?
The error seems to be coming out of EPiServer's HTML rewriting system. It looks like it's not happy with a link on the page, but this link would be there in Edit Mode too, so I can't understand why it overlooks a bad link then, but throws an error in View Mode.
My question, then, is two-fold:
When you click on "go to view mode" you actually load a specific "go to view mode"-page that takes care of resolving the URL for the page. I can't see if it's this page or the actual template that throws the exception. If it's the viewmodetransferpage I guess that it's a bug in EPiServer UIs. If it's the template, are you getting the same error when browsing to the page from the site?
It's getting past the "go to view mode" page. The URL in the browser bar is the actual URL of the page. If I just type that URL into a browser, I get the error too, so the error is coming from the page itself.
Since I love a debugging challenge, I'll chime in here!
I believe that the answer to your question is in the value of the parameter "uri" to System.Uri.CreateThis. Let me explain how I would troubleshoot this.
I would use WinDbg to attach to the web process, set a breakpoint at the UriFormatException constructor, and examine the parameters to the methods in the call stack. In more detail, this is how you do it.
Use "!help" for SOS extension command summary.
HTH and happy hacking,
I found the problem -- I was rewriting a malformed URL. I was putting something on the end of it, and it was all screwed up.
In Edit Mode this went AFTER the querystring that Edit Mode adds, so it worked. In View Mode, there was no querystring, so the thing I was putting on the end was counted as part of the domain. Like so:
IN EDIT MODE:
http://mydomain.com/thispage?id=123[my screwed up stuff here]
IN VIEW MODE:
http://mydomain.com[my screwed up stuff here]
The second version resulted in a URL that wouldn't parse.
Smooth, I know.
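
The failure described in the last post, as an added example that is not part of the original thread: gluing text onto a URL string puts it in the query only when a query string already exists; otherwise it lands in the host. The parameter name `tracking`, its value, and the helper names are hypothetical, since the thread does not say what was being appended.

```csharp
using System;
using System.Web; // HttpUtility.ParseQueryString

static class UrlAppendExample
{
    // Approach from the thread: glue extra text onto the end of the URL string.
    static string AppendNaive(string url, string suffix) => url + suffix;

    // Parse first, then set the value as a query parameter. UriBuilder keeps
    // scheme, host, path and query separate, so the value cannot spill into
    // the host when the original URL has no path or query string.
    static string AppendQueryParameter(string url, string name, string value)
    {
        var builder = new UriBuilder(url);
        var query = HttpUtility.ParseQueryString(builder.Query); // tolerates a leading '?'
        query[name] = value;                                     // encoded by ToString()
        builder.Query = query.ToString();
        return builder.Uri.AbsoluteUri;
    }

    static void Main()
    {
        // Constructed sample inputs mirroring the Edit Mode and View Mode URLs in the thread.
        string[] urls =
        {
            "http://mydomain.com/thispage?id=123", // Edit Mode: query string already present
            "http://mydomain.com"                  // View Mode: nothing after the host
        };

        foreach (var url in urls)
        {
            // In the second case the authority runs up to the first '/', '?' or '#',
            // so the suffix becomes part of the host name.
            string naive = AppendNaive(url, "&tracking=abc");
            bool parsed = Uri.TryCreate(naive, UriKind.Absolute, out Uri result);
            Console.WriteLine($"naive: {naive} (parses: {parsed}, host: {(parsed ? result.Host : "n/a")})");

            Console.WriteLine($"built: {AppendQueryParameter(url, "tracking", "abc")}");
        }
    }
}
```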