Alpha state. A platform designed for building enterprise-grade, multi-tenant products using Azure, .NET, React, TypeScript, Infrastructure as Code, etc.
Describe the bug
The SPA HTML contains the userInfoEnv variable, which is serialized in C# using Encoding.UTF8 in SinglePageAppFallbackExtensions.GetHtmlWithEnvironment. However, when deserialising in the browser, Latin1 encoding is assumed in the call to atob:
Contact Details
No response
Detailed description?
Describe the bug The SPA HTML contains the
userInfoEnvvariable, which is serialized in C# usingEncoding.UTF8inSinglePageAppFallbackExtensions.GetHtmlWithEnvironment. However, when deserialising in the browser, Latin1 encoding is assumed in the call toatob:...resulting in:
The docs for
atobstate: Decodes a string into bytes using Latin-1 (ISO-8859), and encodes those bytes into a string using Base64.Expected behavior
Deserialization should use UTF-8.
Additional context
Why the Base64 serialization, rather than just using JSON? That would simplify and avoid the problem.
Severity
Medium
Is this bug security related?
Code of Conduct