- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Thu, 30 Nov 2006 14:08:24 +0100
- To: WebDAV <w3c-dist-auth@w3.org>
Hi,
I'm posting this here hoping that somebody from MSFT who cares may read it.
There's a simple way to render a IIS (5.1) WebDAV resource unusable for
conforming clients - just set a custom property containing the Unicode
code point U+10000.
The result is a property that you can't access anymore using a client
based on a standards-conforming XML parser, because IIS returns an octet
sequence that isn't legal UTF-8:
ED A0 80 ED B0 80
Here's a script to test this with:
+++
var req = new ActiveXObject ("MSXML2.XMLHTTP");
var out = new ActiveXObject ("MSXML2.DOMDocument");
req.open ("PROPPATCH", WScript.Arguments(0), false,
WScript.Arguments(1), WScript.Arguments(2));
req.setRequestHeader ("Content-Type", "text/xml");
req.send ("<propertyupdate
xmlns='DAV:'><set><prop><foobar>𐀀</foobar></prop></set></propertyupdate>");
WScript.Echo (req.status);
WScript.Echo (req.getAllResponseHeaders());
WScript.Echo (req.responseText);
+++
(usage: cscript scriptname.js URI username password)
Best regards, Julian
Received on Thursday, 30 November 2006 13:08:37 UTC