diff --git a/src/Microsoft.AspNetCore.Mvc.Abstractions/IUrlHelper.cs b/src/Microsoft.AspNetCore.Mvc.Abstractions/IUrlHelper.cs
index 33a23fef25..8a0a75db9e 100644
--- a/src/Microsoft.AspNetCore.Mvc.Abstractions/IUrlHelper.cs
+++ b/src/Microsoft.AspNetCore.Mvc.Abstractions/IUrlHelper.cs
@@ -1,6 +1,7 @@
// Copyright (c) .NET Foundation. All rights reserved.
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc.Routing;
namespace Microsoft.AspNetCore.Mvc
@@ -19,10 +20,18 @@ namespace Microsoft.AspNetCore.Mvc
/// Generates a URL with an absolute path for an action method, which contains the action
/// name, controller name, route values, protocol to use, host name, and fragment specified by
/// . Generates an absolute URL if and
- /// are non-null.
+ /// are non-null. See the remarks section for important security information.
///
/// The context object for the generated URLs for an action method.
/// The generated URL.
+ ///
+ ///
+ /// The value of should be a trusted value. Relying on the value of the current request
+ /// can allow untrusted input to influence the resulting URI unless the Host header has been validated.
+ /// See the deployment documentation for instructions on how to properly validate the Host header in
+ /// your deployment environment.
+ ///
+ ///
string Action(UrlActionContext actionContext);
///
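Review bot: The remarks added to `Action(UrlActionContext)` never say when the current request's host is actually used, so the second sentence reads as unconnected to the first. Judging from the protocol-only overloads in UrlHelperExtensions.cs, which pass `host: null` and are documented as taking the host from the request, the fallback appears to happen when the host is left null while a protocol is supplied. The summary's "absolute URL if ... are non-null" wording hides that case. I would add one sentence to the remarks, for example `/// When the host is null and a protocol is supplied, the host is taken from the current request's Host header.` The same gap is in the remarks added for `RouteUrl(UrlRouteContext)` in this file and for the host-taking `Action`, `RouteUrl` and `Page` overloads in UrlHelperExtensions.cs.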
@@ -65,19 +74,36 @@ namespace Microsoft.AspNetCore.Mvc
/// Generates a URL with an absolute path, which contains the route name, route values, protocol to use, host
/// name, and fragment specified by . Generates an absolute URL if
/// and are non-null.
+ /// See the remarks section for important security information.
///
/// The context object for the generated URLs for a route.
/// The generated URL.
+ ///
+ ///
+ /// The value of should be a trusted value. Relying on the value of the current request
+ /// can allow untrusted input to influence the resulting URI unless the Host header has been validated.
+ /// See the deployment documentation for instructions on how to properly validate the Host header in
+ /// your deployment environment.
+ ///
+ ///
string RouteUrl(UrlRouteContext routeContext);
///
/// Generates an absolute URL for the specified and route
/// , which contains the protocol (such as "http" or "https") and host name from the
- /// current request.
+ /// current request. See the remarks section for important security information.
///
/// The name of the route that is used to generate URL.
/// An object that contains route values.
/// The generated absolute URL.
+ ///
+ ///
+ /// This method uses the value of to populate the host section of the generated URI.
+ /// Relying on the value of the current request can allow untrusted input to influence the resulting URI unless
+ /// the Host header has been validated. See the deployment documentation for instructions on how to properly
+ /// validate the Host header in your deployment environment.
+ ///
+ ///
string Link(string routeName, object values);
}
}
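Review bot: The remarks added to `Link(string routeName, object values)` warn about the request host but offer no alternative, and `Link` has no host parameter through which a caller could supply a trusted value. A reader who needs an absolute URL that does not depend on the Host header (for example, a link placed in an e-mail) should be pointed at the overloads that accept an explicit host. I would append something like `/// To generate an absolute URL with a host you control, use RouteUrl with an explicit, configured host name.`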
diff --git a/src/Microsoft.AspNetCore.Mvc.Core/UrlHelperExtensions.cs b/src/Microsoft.AspNetCore.Mvc.Core/UrlHelperExtensions.cs
index e790b879ef..40c673da8c 100644
--- a/src/Microsoft.AspNetCore.Mvc.Core/UrlHelperExtensions.cs
+++ b/src/Microsoft.AspNetCore.Mvc.Core/UrlHelperExtensions.cs
@@ -2,9 +2,7 @@
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
using System;
-using System.Diagnostics;
-using Microsoft.AspNetCore.Mvc.Core;
-using Microsoft.AspNetCore.Mvc.Internal;
+using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc.Routing;
using Microsoft.AspNetCore.Routing;
@@ -108,7 +106,7 @@ namespace Microsoft.AspNetCore.Mvc
///
/// Generates a URL with an absolute path for an action method, which contains the specified
/// name, name, route , and
- /// to use.
+ /// to use. See the remarks section for important security information.
///
/// The .
/// The name of the action method.
@@ -116,6 +114,14 @@ namespace Microsoft.AspNetCore.Mvc
/// An object that contains route values.
/// The protocol for the URL, such as "http" or "https".
/// The generated URL.
+ ///
+ ///
+ /// This method uses the value of to populate the host section of the generated URI.
+ /// Relying on the value of the current request can allow untrusted input to influence the resulting URI unless
+ /// the Host header has been validated. See the deployment documentation for instructions on how to properly
+ /// validate the Host header in your deployment environment.
+ ///
+ ///
public static string Action(
this IUrlHelper helper,
string action,
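Review bot: "See the deployment documentation" in the added remarks names no page and no mechanism, so the advice cannot be followed from IntelliSense or the generated API reference. I would replace it with a `<see href="DOCS_URL_PLACEHOLDER"/>` link to the specific host-validation page, or name the setting that restricts which host names the server accepts. The same paragraph is pasted into every remarks block in both files, so the wording is best settled once and then copied, keeping the security note identical everywhere. The signature of this `Action` overload continues past the end of the hunk.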
@@ -136,7 +142,7 @@ namespace Microsoft.AspNetCore.Mvc
/// name, name, route ,
/// to use, and name.
/// Generates an absolute URL if the and are
- /// non-null.
+ /// non-null. See the remarks section for important security information.
///
/// The .
/// The name of the action method.
@@ -145,6 +151,14 @@ namespace Microsoft.AspNetCore.Mvc
/// The protocol for the URL, such as "http" or "https".
/// The host name for the URL.
/// The generated URL.
+ ///
+ ///
+ /// The value of should be a trusted value. Relying on the value of the current request
+ /// can allow untrusted input to influence the resulting URI unless the Host header has been validated.
+ /// See the deployment documentation for instructions on how to properly validate the Host header in
+ /// your deployment environment.
+ ///
+ ///
public static string Action(
this IUrlHelper helper,
string action,
@@ -166,7 +180,7 @@ namespace Microsoft.AspNetCore.Mvc
/// name, name, route ,
/// to use, name, and .
/// Generates an absolute URL if the and are
- /// non-null.
+ /// non-null. See the remarks section for important security information.
///
/// The .
/// The name of the action method.
@@ -176,6 +190,14 @@ namespace Microsoft.AspNetCore.Mvc
/// The host name for the URL.
/// The fragment for the URL.
/// The generated URL.
+ ///
+ ///
+ /// The value of should be a trusted value. Relying on the value of the current request
+ /// can allow untrusted input to influence the resulting URI unless the Host header has been validated.
+ /// See the deployment documentation for instructions on how to properly validate the Host header in
+ /// your deployment environment.
+ ///
+ ///
public static string Action(
this IUrlHelper helper,
string action,
@@ -253,13 +275,22 @@ namespace Microsoft.AspNetCore.Mvc
///
/// Generates a URL with an absolute path for the specified route and route
- /// , which contains the specified to use.
+ /// , which contains the specified to use. See the
+ /// remarks section for important security information.
///
/// The .
/// The name of the route that is used to generate URL.
/// An object that contains route values.
/// The protocol for the URL, such as "http" or "https".
/// The generated URL.
+ ///
+ ///
+ /// This method uses the value of to populate the host section of the generated URI.
+ /// Relying on the value of the current request can allow untrusted input to influence the resulting URI unless
+ /// the Host header has been validated. See the deployment documentation for instructions on how to properly
+ /// validate the Host header in your deployment environment.
+ ///
+ ///
public static string RouteUrl(
this IUrlHelper helper,
string routeName,
@@ -279,6 +310,7 @@ namespace Microsoft.AspNetCore.Mvc
/// , which contains the specified to use and
/// name. Generates an absolute URL if
/// and are non-null.
+ /// See the remarks section for important security information.
///
/// The .
/// The name of the route that is used to generate URL.
@@ -286,6 +318,14 @@ namespace Microsoft.AspNetCore.Mvc
/// The protocol for the URL, such as "http" or "https".
/// The host name for the URL.
/// The generated URL.
+ ///
+ ///
+ /// The value of should be a trusted value. Relying on the value of the current request
+ /// can allow untrusted input to influence the resulting URI unless the Host header has been validated.
+ /// See the deployment documentation for instructions on how to properly validate the Host header in
+ /// your deployment environment.
+ ///
+ ///
public static string RouteUrl(
this IUrlHelper helper,
string routeName,
@@ -306,6 +346,7 @@ namespace Microsoft.AspNetCore.Mvc
/// , which contains the specified to use,
/// name and . Generates an absolute URL if
/// and are non-null.
+ /// See the remarks section for important security information.
///
/// The .
/// The name of the route that is used to generate URL.
@@ -314,6 +355,14 @@ namespace Microsoft.AspNetCore.Mvc
/// The host name for the URL.
/// The fragment for the URL.
/// The generated URL.
+ ///
+ ///
+ /// The value of should be a trusted value. Relying on the value of the current request
+ /// can allow untrusted input to influence the resulting URI unless the Host header has been validated.
+ /// See the deployment documentation for instructions on how to properly validate the Host header in
+ /// your deployment environment.
+ ///
+ ///
public static string RouteUrl(
this IUrlHelper helper,
string routeName,
@@ -382,7 +431,8 @@ namespace Microsoft.AspNetCore.Mvc
=> Page(urlHelper, pageName, pageHandler, values, protocol: null);
///
- /// Generates a URL with an absolute path for the specified .
+ /// Generates a URL with an absolute path for the specified . See the remarks section
+ /// for important security information.
///
/// The .
/// The page name to generate the url for.
@@ -390,6 +440,14 @@ namespace Microsoft.AspNetCore.Mvc
/// An object that contains route values.
/// The protocol for the URL, such as "http" or "https".
/// The generated URL.
+ ///
+ ///
+ /// This method uses the value of to populate the host section of the generated URI.
+ /// Relying on the value of the current request can allow untrusted input to influence the resulting URI unless
+ /// the Host header has been validated. See the deployment documentation for instructions on how to properly
+ /// validate the Host header in your deployment environment.
+ ///
+ ///
public static string Page(
this IUrlHelper urlHelper,
string pageName,
@@ -399,7 +457,8 @@ namespace Microsoft.AspNetCore.Mvc
=> Page(urlHelper, pageName, pageHandler, values, protocol, host: null, fragment: null);
///
- /// Generates a URL with an absolute path for the specified .
+ /// Generates a URL with an absolute path for the specified . See the remarks section for
+ /// important security information.
///
/// The .
/// The page name to generate the url for.
@@ -408,6 +467,14 @@ namespace Microsoft.AspNetCore.Mvc
/// The protocol for the URL, such as "http" or "https".
/// The host name for the URL.
/// The generated URL.
+ ///
+ ///
+ /// The value of should be a trusted value. Relying on the value of the current request
+ /// can allow untrusted input to influence the resulting URI unless the Host header has been validated.
+ /// See the deployment documentation for instructions on how to properly validate the Host header in
+ /// your deployment environment.
+ ///
+ ///
public static string Page(
this IUrlHelper urlHelper,
string pageName,
@@ -418,7 +485,8 @@ namespace Microsoft.AspNetCore.Mvc
=> Page(urlHelper, pageName, pageHandler, values, protocol, host, fragment: null);
///
- /// Generates a URL with an absolute path for the specified .
+ /// Generates a URL with an absolute path for the specified . See the remarks section for
+ /// important security information.
///
/// The .
/// The page name to generate the url for.
@@ -428,6 +496,14 @@ namespace Microsoft.AspNetCore.Mvc
/// The host name for the URL.
/// The fragment for the URL.
/// The generated URL.
+ ///
+ ///
+ /// The value of should be a trusted value. Relying on the value of the current request
+ /// can allow untrusted input to influence the resulting URI unless the Host header has been validated.
+ /// See the deployment documentation for instructions on how to properly validate the Host header in
+ /// your deployment environment.
+ ///
+ ///
public static string Page(
this IUrlHelper urlHelper,
string pageName,