diff --git a/examples/Demo/Shared/Microsoft.FluentUI.AspNetCore.Components.xml b/examples/Demo/Shared/Microsoft.FluentUI.AspNetCore.Components.xml
index 5c48324584..4da62955fa 100644
--- a/examples/Demo/Shared/Microsoft.FluentUI.AspNetCore.Components.xml
+++ b/examples/Demo/Shared/Microsoft.FluentUI.AspNetCore.Components.xml
@@ -5302,9 +5302,6 @@
-
-
-
@@ -10308,6 +10305,11 @@
Gets the default tooltip options.
+
+
+ Gets or sets the text used on aria-label attribute.
+
+
Gets or sets the value indicating whether the library should close the tooltip if the cursor leaves the anchor and the tooltip.
@@ -15901,12 +15903,6 @@
Helper methods used by generated -derived implementations.
-
- Default timeout value set in , or if none was set.
-
-
- Whether is non-infinite.
-
Supports searching for characters in or not in "-0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ_abcdefghijklmnopqrstuvwxyz".
diff --git a/src/Core/Components/Accordion/FluentAccordion.razor.cs b/src/Core/Components/Accordion/FluentAccordion.razor.cs
index 85bc394dca..66f1f81bfa 100644
--- a/src/Core/Components/Accordion/FluentAccordion.razor.cs
+++ b/src/Core/Components/Accordion/FluentAccordion.razor.cs
@@ -53,12 +53,12 @@ private async Task HandleOnAccordionChangedAsync(AccordionChangeEventArgs args)
{
if (args is not null)
{
- var Id = args.ActiveId;
- if (Id is not null && items.TryGetValue(Id!, out FluentAccordionItem? item))
+ var id = args.ActiveId;
+ if (id is not null && items.TryGetValue(id!, out FluentAccordionItem? item))
{
item.Expanded = args.Expanded;
await OnAccordionItemChange.InvokeAsync(item);
- await ActiveIdChanged.InvokeAsync(Id);
+ await ActiveIdChanged.InvokeAsync(id);
}
}
}
diff --git a/src/Core/Components/DataGrid/Columns/ColumnBase.razor.cs b/src/Core/Components/DataGrid/Columns/ColumnBase.razor.cs
index 78c42b5437..aea06a9539 100644
--- a/src/Core/Components/DataGrid/Columns/ColumnBase.razor.cs
+++ b/src/Core/Components/DataGrid/Columns/ColumnBase.razor.cs
@@ -269,7 +269,7 @@ protected void HandleKeyDown(FluentKeyCodeEventArgs e)
///
/// Constructs an instance of .
///
- public ColumnBase()
+ protected ColumnBase()
{
HeaderContent = RenderDefaultHeaderContent;
HeaderTitleContent = RenderDefaultHeaderTitle;
diff --git a/src/Core/Components/Emojis/Emoji.cs b/src/Core/Components/Emojis/Emoji.cs
index 72624295a8..0ecaa403b0 100644
--- a/src/Core/Components/Emojis/Emoji.cs
+++ b/src/Core/Components/Emojis/Emoji.cs
@@ -17,7 +17,7 @@ public class Emoji : EmojiInfo
/// Please use the constructor including parameters.
///
///
- public Emoji() : this(string.Empty, EmojiSize.Size16, EmojiGroup.Flags, EmojiSkintone.Default, EmojiStyle.Flat, new byte[] { })
+ public Emoji() : this(string.Empty, EmojiSize.Size16, EmojiGroup.Flags, EmojiSkintone.Default, EmojiStyle.Flat, Array.Empty())
{
throw new ArgumentNullException("Please use the constructor including parameters.");
}
diff --git a/src/Core/Components/InputFile/FluentInputFile.razor.cs b/src/Core/Components/InputFile/FluentInputFile.razor.cs
index 260d2025e0..90b9ff4098 100644
--- a/src/Core/Components/InputFile/FluentInputFile.razor.cs
+++ b/src/Core/Components/InputFile/FluentInputFile.razor.cs
@@ -41,9 +41,6 @@ public FluentInputFile()
///
private IJSObjectReference? Module { get; set; }
- ///
- private bool DropOver { get; set; } = false;
-
///
protected string? ClassValue => new CssBuilder(Class)
.AddClass("fluent-inputfile-container")
diff --git a/src/Core/Components/List/ListComponentBase.razor.cs b/src/Core/Components/List/ListComponentBase.razor.cs
index 06bb5577a1..950b7c1e1c 100644
--- a/src/Core/Components/List/ListComponentBase.razor.cs
+++ b/src/Core/Components/List/ListComponentBase.razor.cs
@@ -206,7 +206,7 @@ protected string? InternalValue
public Expression>>? SelectedOptionsExpression { get; set; }
///
- public ListComponentBase()
+ protected ListComponentBase()
{
_internalListContext = new(this);
diff --git a/src/Core/Components/Overlay/FluentOverlay.razor.cs b/src/Core/Components/Overlay/FluentOverlay.razor.cs
index 4d9b3b9b39..187e94b131 100644
--- a/src/Core/Components/Overlay/FluentOverlay.razor.cs
+++ b/src/Core/Components/Overlay/FluentOverlay.razor.cs
@@ -305,6 +305,6 @@ private async Task InvokeOverlayDisposeAsync()
}
}
- [GeneratedRegex("^(?:#(?:[a-fA-F0-9]{6}|[a-fA-F0-9]{3}))")]
+ [GeneratedRegex("^(?:#(?:[a-fA-F0-9]{6}|[a-fA-F0-9]{3}))", RegexOptions.None, matchTimeoutMilliseconds: 1000)] //Add timeout to prevent ReDoS
private static partial Regex CheckRGBString();
}
diff --git a/src/Core/Components/Tooltip/FluentTooltip.razor.cs b/src/Core/Components/Tooltip/FluentTooltip.razor.cs
index 53827dda19..40cb4e1111 100644
--- a/src/Core/Components/Tooltip/FluentTooltip.razor.cs
+++ b/src/Core/Components/Tooltip/FluentTooltip.razor.cs
@@ -43,7 +43,6 @@ public partial class FluentTooltip : FluentComponentBase, IDisposable
///
protected virtual TooltipGlobalOptions? GlobalOptions => TooltipService?.GlobalOptions;
-
///
/// Gets or sets the text used on aria-label attribute.
///
diff --git a/src/Core/Components/TreeView/FluentTreeItem.razor.cs b/src/Core/Components/TreeView/FluentTreeItem.razor.cs
index 148050455d..1a4da31d6d 100644
--- a/src/Core/Components/TreeView/FluentTreeItem.razor.cs
+++ b/src/Core/Components/TreeView/FluentTreeItem.razor.cs
@@ -210,21 +210,22 @@ internal static RenderFragment GetFluentTreeItem(FluentTreeView owner, ITreeView
{
RenderFragment fluentTreeItem = builder =>
{
- int i = 0;
- builder.OpenComponent(i++);
- builder.AddAttribute(i++, "Id", item.Id);
- builder.AddAttribute(i++, "Items", item.Items);
- builder.AddAttribute(i++, "Text", item.Text);
- builder.AddAttribute(i++, "InitiallySelected", owner.SelectedItem == item);
- builder.AddAttribute(i++, "Expanded", item.Expanded);
- builder.AddAttribute(i++, "Disabled", item.Disabled);
- builder.AddAttribute(i++, "IconCollapsed", item.IconCollapsed);
- builder.AddAttribute(i++, "IconExpanded", item.IconExpanded);
+ //Don't use calculation or counter for building sequence numbers
+ //See: https://learn.microsoft.com/en-us/aspnet/core/blazor/advanced-scenarios?view=aspnetcore-9.0&utm_source=chatgpt.com#manually-build-a-render-tree-rendertreebuilder
+ builder.OpenComponent(0);
+ builder.AddAttribute(1, "Id", item.Id);
+ builder.AddAttribute(2, "Items", item.Items);
+ builder.AddAttribute(3, "Text", item.Text);
+ builder.AddAttribute(4, "InitiallySelected", owner.SelectedItem == item);
+ builder.AddAttribute(5, "Expanded", item.Expanded);
+ builder.AddAttribute(6, "Disabled", item.Disabled);
+ builder.AddAttribute(7, "IconCollapsed", item.IconCollapsed);
+ builder.AddAttribute(8, "IconExpanded", item.IconExpanded);
builder.SetKey(item.Id);
if (owner.ItemTemplate != null)
{
- builder.AddAttribute(i++, "ChildContent", owner.ItemTemplate(item));
+ builder.AddAttribute(9, "ChildContent", owner.ItemTemplate(item));
}
builder.CloseComponent();
diff --git a/src/Core/Components/Wizard/FluentWizard.razor.cs b/src/Core/Components/Wizard/FluentWizard.razor.cs
index 99e4fed551..0731496ae7 100644
--- a/src/Core/Components/Wizard/FluentWizard.razor.cs
+++ b/src/Core/Components/Wizard/FluentWizard.razor.cs
@@ -238,7 +238,7 @@ protected virtual async Task OnStepChangeHandle
///
protected virtual async Task OnFinishHandlerAsync(MouseEventArgs e)
{
- await this.FinishAsync(true);
+ await FinishAsync(true);
}
///
@@ -332,10 +332,6 @@ private void SetCurrentStatusToStep(int stepIndex)
{
_steps[i].Status = WizardStepStatus.Current;
}
- else if (i > stepIndex)
- {
- _steps[i].Status = WizardStepStatus.Next;
- }
else
{
_steps[i].Status = WizardStepStatus.Next;
diff --git a/src/Core/Infrastructure/StaticAssetServiceConfiguration.cs b/src/Core/Infrastructure/StaticAssetServiceConfiguration.cs
deleted file mode 100644
index 2853c9b357..0000000000
--- a/src/Core/Infrastructure/StaticAssetServiceConfiguration.cs
+++ /dev/null
@@ -1,21 +0,0 @@
-// ------------------------------------------------------------------------
-// This file is licensed to you under the MIT License.
-// ------------------------------------------------------------------------
-namespace Microsoft.FluentUI.AspNetCore.Components;
-
-public class StaticAssetServiceConfiguration
-{
- private string _baseAddress = string.Empty;
-
- internal event Action? OnUpdate;
-
- public string BaseAddress
- {
- get => _baseAddress;
- set
- {
- _baseAddress = value;
- OnUpdate?.Invoke();
- }
- }
-}
diff --git a/src/Core/Utilities/CssBuilder.cs b/src/Core/Utilities/CssBuilder.cs
index 174886a6a4..600ec7e6ce 100644
--- a/src/Core/Utilities/CssBuilder.cs
+++ b/src/Core/Utilities/CssBuilder.cs
@@ -123,6 +123,6 @@ private IEnumerable SplitAndValidate(string input)
/// Generates the regex used to validate CSS class names.
///
/// A compiled regex for validating CSS class names
- [GeneratedRegex(@"^-?[_a-zA-Z]+[_a-zA-Z0-9-]*$", RegexOptions.Compiled)]
+ [GeneratedRegex(@"^-?[_a-zA-Z]+[_a-zA-Z0-9-]*$", RegexOptions.Compiled, matchTimeoutMilliseconds: 1000)] //Add timeout to prevent ReDoS
private static partial Regex GenerateValidClassNameRegex();
}
diff --git a/src/Core/Utilities/Splitter.cs b/src/Core/Utilities/Splitter.cs
index 4a08f174ac..97e0e4cff0 100644
--- a/src/Core/Utilities/Splitter.cs
+++ b/src/Core/Utilities/Splitter.cs
@@ -86,7 +86,8 @@ internal static Memory GetFragments(
builder.Clear();
_stringBuilderCached = builder;
- var splits = Regex.Split(text, regex, caseSensitive ? RegexOptions.None : RegexOptions.IgnoreCase);
+ //Add timeout to prevent ReDoS
+ var splits = Regex.Split(text, regex, caseSensitive ? RegexOptions.None : RegexOptions.IgnoreCase, TimeSpan.FromSeconds(1));
var length = 0;
for (var i = 0; i < splits.Length; i++)