3

I'm generating an e-mail in my website's controller with a link to my website:

"http://" & Request.Url.Authority & "/some-page"

This works when I tested it on my local machine (returns localhost:12345) and in production (returns www.company.com) but 1 person got this as a result:

http://www.company..com/some-page

As you can see there are 2 .. in the domain name. I can't reproduce this error, how is this possible?

Edit: a bit more information

  • The type of email I'm sending is a plain text email (no HTML or RTF)
  • The webserver logs show www.company.com as the domain when the problematic request was made
  • I only received a partial screenshot of the email. I think the email client is Outlook but I see no reason why Outlook would have misinterpreted the link.
  • It's certainly possible that this person (or malware) has edited the content of this email.
m.edmondson
  • 30,382
  • 27
  • 123
  • 206
ZippyV
  • 12,540
  • 3
  • 37
  • 52

3 Answers3

2

I should have tried this sooner with a simple example:

Module Module1
    Sub Main()
        Dim SomeAddress As New Uri("http://www.example..com/test")

        Console.WriteLine(SomeAddress.Authority)
    End Sub
End Module

This will throw an exception in the constructor:

System.UriFormatException - Invalid URI: The hostname could not be parsed

So the customer couldn't have received such an email from my code without editing it.

ZippyV
  • 12,540
  • 3
  • 37
  • 52
2

This is actually a problem with how the email is being encoded, see this answer: https://stackoverflow.com/a/6603002/186288. In summary, you should change the encoding to UTF8 to force base-64 encoding of the email, otherwise some email clients can misinterpret the default Content-Transfer-Encoding: Quoted-Printable; encoding and add in extra "."s in URLs that happen to hit a wrap point.

To do this, add this line before you send the email:

mail.BodyEncoding = System.Text.Encoding.UTF8;
Community
  • 1
  • 1
elRobbo
  • 613
  • 7
  • 10
1

Why are you using Request.Url.Authority? I suggest you avoid to use it, and use Request.Url.Host. It's better to use Request.Url.Host or Uri class constructor, when consturcting incorrect URI it will throw exception and you can either log it or show error.

Anyway it's hard to predict why one user have got www.company..com Anyway your code with Request.Url.Authority concatenation can not produce it. So maybe error is in other location.

Regfor
  • 8,515
  • 1
  • 38
  • 51
  • 3
    This information is incorrect. `Authority` simply returns the `Host` and `Port` (e.g., `localhost:12345`) of the original URI. It does not perform any DNS lookup. – Michael Liu Apr 21 '13 at 15:39
  • @MichaelLiu Look in documentation http://msdn.microsoft.com/en-us/library/system.uri.authority.aspx. Gets the Domain Name System (DNS) host name or IP address and the port number for a server. For your example based on what in DNS it will return localhost:12345 or 127.0.0.1:12345 – Regfor Apr 21 '13 at 19:36
  • 4
    That description in MSDN Library is misleading. As the **Property Value** and **Remarks** sections make clear, a better description would be "Gets the DNS host name or IP address and (if present) the port number components of the URI represented by this instance." Or just go [straight to the source](http://www.dotnetframework.org/default.aspx/DotNET/DotNET/8@0/untmp/whidbey/REDBITS/ndp/fx/src/Net/System/URI@cs/9/URI@cs). – Michael Liu Apr 21 '13 at 20:56
  • 1
    -1 as based on Michael Liu addition and link to source code just above the answer is incorrect and misleading. @Regfor may be worth amending the answer. – Giuseppe Romagnuolo Feb 27 '14 at 15:34
  • One small doubt. if I run the application in localhost I have port number in my URL but in production I do not have port number in the URL. So, I can freely use Url.Authority right? I mean if port number is not there then URl.Authority will act same as URL.Host right. I mean I will still be able to get the URL correctly right? please guide me,. – Unbreakable Dec 28 '16 at 16:05