From 4487a9227f0fb4523a72e246c17589c1f3a0a83a Mon Sep 17 00:00:00 2001
From: Steve Molloy
Date: Tue, 29 Jun 2021 21:48:56 -0700
Subject: [PATCH 1/6] Use a different XmlWriter which will check for invalid characters like null.
---
 .../src/System/Xml/Serialization/XmlSerializer.cs | 14 ++++++++------
 .../XmlSerializerTests.RuntimeOnly.cs | 7 +++++++
 .../tests/XmlSerializer/XmlSerializerTests.cs | 11 +++++++++++
 3 files changed, 26 insertions(+), 6 deletions(-)
diff --git a/src/libraries/System.Private.Xml/src/System/Xml/Serialization/XmlSerializer.cs b/src/libraries/System.Private.Xml/src/System/Xml/Serialization/XmlSerializer.cs
index 9241eadc04026c..1dc456170b717e 100644
--- a/src/libraries/System.Private.Xml/src/System/Xml/Serialization/XmlSerializer.cs
+++ b/src/libraries/System.Private.Xml/src/System/Xml/Serialization/XmlSerializer.cs
@@ -317,9 +317,10 @@ public void Serialize(TextWriter textWriter, object? o)
 [RequiresUnreferencedCode(TrimSerializationWarning)]
 public void Serialize(TextWriter textWriter, object? o, XmlSerializerNamespaces? namespaces)
 {
- XmlTextWriter xmlWriter = new XmlTextWriter(textWriter);
- xmlWriter.Formatting = Formatting.Indented;
- xmlWriter.Indentation = 2;
+ //XmlTextWriter xmlWriter = new XmlTextWriter(textWriter);
+ //xmlWriter.Formatting = Formatting.Indented;
+ //xmlWriter.Indentation = 2;
+ XmlWriter xmlWriter = XmlWriter.Create(textWriter, new XmlWriterSettings() { CheckCharacters = true, IndentChars = " ", Indent = true });
 Serialize(xmlWriter, o, namespaces);
 }
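Review bot: The `XmlWriter` created in `Serialize(TextWriter, ...)` is neither flushed nor disposed in this overload, and a writer returned by `XmlWriter.Create` buffers output internally. Whether the serialized text actually reaches `textWriter` therefore depends on the inner `Serialize(xmlWriter, o, namespaces)` flushing, which is outside the hunk. If that is the contract, state it with a comment such as `// Serialize(XmlWriter, ...) flushes; the writer is not disposed so the caller's TextWriter stays open.`, otherwise add `xmlWriter.Flush();` after the call. The same applies to the `Serialize(Stream, ...)` hunk at -332.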
@@ -332,9 +333,10 @@ public void Serialize(Stream stream, object? o)
 [RequiresUnreferencedCode(TrimSerializationWarning)]
 public void Serialize(Stream stream, object? o, XmlSerializerNamespaces? namespaces)
 {
- XmlTextWriter xmlWriter = new XmlTextWriter(stream, null);
- xmlWriter.Formatting = Formatting.Indented;
- xmlWriter.Indentation = 2;
+ //XmlTextWriter xmlWriter = new XmlTextWriter(stream, null);
+ //xmlWriter.Formatting = Formatting.Indented;
+ //xmlWriter.Indentation = 2;
+ XmlWriter xmlWriter = XmlWriter.Create(stream, new XmlWriterSettings() { CheckCharacters = true, IndentChars = " ", Indent = true });
 Serialize(xmlWriter, o, namespaces);
 }
diff --git a/src/libraries/System.Private.Xml/tests/XmlSerializer/XmlSerializerTests.RuntimeOnly.cs b/src/libraries/System.Private.Xml/tests/XmlSerializer/XmlSerializerTests.RuntimeOnly.cs
index 182fb0a3d717d8..bd8abe6ad5a946 100644
--- a/src/libraries/System.Private.Xml/tests/XmlSerializer/XmlSerializerTests.RuntimeOnly.cs
+++ b/src/libraries/System.Private.Xml/tests/XmlSerializer/XmlSerializerTests.RuntimeOnly.cs
@@ -262,6 +262,13 @@ public static void Xml_StringAsRoot()
 "Hello World! \u6F22 \u00F1"));
 }
+ [Fact]
+ public static void Xml_StringWithNullChar()
+ {
+ Assert.Throws(() => SerializeWithDefaultValue("Sample\0String", null));
+ Assert.Throws(() => DeserializeFromXmlString("Sample�String"));
+ }
+
 [Fact]
 public static void Xml_UintAsRoot()
 {
diff --git a/src/libraries/System.Private.Xml/tests/XmlSerializer/XmlSerializerTests.cs b/src/libraries/System.Private.Xml/tests/XmlSerializer/XmlSerializerTests.cs
index 364c4f880082b8..28d3f11df9b54d 100644
--- a/src/libraries/System.Private.Xml/tests/XmlSerializer/XmlSerializerTests.cs
+++ b/src/libraries/System.Private.Xml/tests/XmlSerializer/XmlSerializerTests.cs
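Review bot: Replacing `new XmlTextWriter(stream, null)` with `XmlWriter.Create(stream, ...)` in `Serialize(Stream, ...)` probably changes the bytes written, not only the character checking. A null encoding told `XmlTextWriter` to write UTF-8 and leave the `encoding` attribute out of the XML declaration, whereas `XmlWriterSettings.Encoding` defaults to `Encoding.UTF8`, which as far as I know adds the attribute and a byte-order mark. Consumers that compare, hash or sign the serialized output would notice, so state the intent in the settings (for example `Encoding = new UTF8Encoding(false)` to at least suppress the byte-order mark) and add a baseline test that compares the raw stream contents.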
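Review bot: `Xml_StringWithNullChar` pins only `\0` in a root-level string, which is thin coverage for a change the commit message describes as rejecting invalid characters in general. Cases for another control character (`"\u0001"`), an unpaired surrogate (`"\uD800"`) and a string-typed member of a class would show the check holds beyond this one value. Which `Serialize`/`Deserialize` overloads the two helpers reach is not visible in this hunk, so confirm that both the `TextWriter` and the `Stream` paths are exercised. The XML literal in the second assertion is rendered with a damaged character on this page, so the exact input it passes cannot be checked here.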
@@ -1726,6 +1726,17 @@ private static bool SerializeWithDefaultValue(T value, string baseline)
 }
 }
+ private static T DeserializeFromXmlString(string xmlString)
+ {
+ XmlSerializer serializer = new XmlSerializer(typeof(T));
+ using (Stream ms = GenerateStreamFromString(xmlString))
+ {
+ T value = (T)serializer.Deserialize(ms);
+ return value;
+ }
+
+ }
+
 [Fact]
 public static void Xml_TypeWithMismatchBetweenAttributeAndPropertyType()
 {
From 12c3baeff2c42d031e08531e64ec5f74feced01d Mon Sep 17 00:00:00 2001
From: Steve Molloy
Date: Tue, 29 Jun 2021 22:53:50 -0700
Subject: [PATCH 2/6] Bring our XmlReader use into the 21st century as well.
---
 .../src/System/Xml/Serialization/XmlSerializer.cs | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/src/libraries/System.Private.Xml/src/System/Xml/Serialization/XmlSerializer.cs b/src/libraries/System.Private.Xml/src/System/Xml/Serialization/XmlSerializer.cs
index 1dc456170b717e..39316fbe1304b7 100644
--- a/src/libraries/System.Private.Xml/src/System/Xml/Serialization/XmlSerializer.cs
+++ b/src/libraries/System.Private.Xml/src/System/Xml/Serialization/XmlSerializer.cs
@@ -423,10 +423,11 @@ private XmlMapping GetMapping()
 [RequiresUnreferencedCode(TrimDeserializationWarning)]
 public object? Deserialize(Stream stream)
 {
- XmlTextReader xmlReader = new XmlTextReader(stream);
- xmlReader.WhitespaceHandling = WhitespaceHandling.Significant;
- xmlReader.Normalization = true;
- xmlReader.XmlResolver = null;
+ //XmlTextReader xmlReader = new XmlTextReader(stream);
+ //xmlReader.WhitespaceHandling = WhitespaceHandling.Significant;
+ //xmlReader.Normalization = true;
+ //xmlReader.XmlResolver = null;
+ XmlReader xmlReader = XmlReader.Create(stream, new XmlReaderSettings() { IgnoreWhitespace = true });
 return Deserialize(xmlReader, null);
 }
From e3d3bf46e2eded69265129634901960fefa10df8 Mon Sep 17 00:00:00 2001
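Review bot: The new reader in `Deserialize(Stream)` no longer states its DTD and resolver policy: the removed code set `XmlResolver = null` explicitly, while the replacement relies on whatever `XmlReaderSettings` defaults to. This overload is a common place for untrusted XML to enter, so the hardening should be readable at the call site, `new XmlReaderSettings() { IgnoreWhitespace = true, DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null }`. As far as I know `DtdProcessing.Prohibit` is already the settings default while `XmlTextReader` parsed DTDs, so documents with a DOCTYPE that used to deserialize will presumably now throw; that deserves a test and a line in the commit message. Only the `Stream` overload is touched here; if `Deserialize(TextReader)` (outside the hunk) still builds an `XmlTextReader`, the two overloads now differ in character checking and DTD handling.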
From: Steve Molloy
Date: Sun, 11 Jul 2021 02:41:24 -0700
Subject: [PATCH 3/6] Update src/libraries/System.Private.Xml/src/System/Xml/Serialization/XmlSerializer.cs
Co-authored-by: Stephen Toub
---
 .../src/System/Xml/Serialization/XmlSerializer.cs | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/src/libraries/System.Private.Xml/src/System/Xml/Serialization/XmlSerializer.cs b/src/libraries/System.Private.Xml/src/System/Xml/Serialization/XmlSerializer.cs
index 39316fbe1304b7..c24a2e7975c31c 100644
--- a/src/libraries/System.Private.Xml/src/System/Xml/Serialization/XmlSerializer.cs
+++ b/src/libraries/System.Private.Xml/src/System/Xml/Serialization/XmlSerializer.cs
@@ -317,9 +317,6 @@ public void Serialize(TextWriter textWriter, object? o)
 [RequiresUnreferencedCode(TrimSerializationWarning)]
 public void Serialize(TextWriter textWriter, object? o, XmlSerializerNamespaces? namespaces)
 {
- //XmlTextWriter xmlWriter = new XmlTextWriter(textWriter);
- //xmlWriter.Formatting = Formatting.Indented;
- //xmlWriter.Indentation = 2;
 XmlWriter xmlWriter = XmlWriter.Create(textWriter, new XmlWriterSettings() { CheckCharacters = true, IndentChars = " ", Indent = true });
 Serialize(xmlWriter, o, namespaces);
 }
From 2f43131799aab4cf820bab352bb33d643a4de69b Mon Sep 17 00:00:00 2001
From: Steve Molloy
Date: Sun, 11 Jul 2021 02:41:32 -0700
Subject: [PATCH 4/6] Update src/libraries/System.Private.Xml/src/System/Xml/Serialization/XmlSerializer.cs
Co-authored-by: Stephen Toub
---
 .../src/System/Xml/Serialization/XmlSerializer.cs | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/src/libraries/System.Private.Xml/src/System/Xml/Serialization/XmlSerializer.cs b/src/libraries/System.Private.Xml/src/System/Xml/Serialization/XmlSerializer.cs
index c24a2e7975c31c..9a0aad6282586b 100644
--- a/src/libraries/System.Private.Xml/src/System/Xml/Serialization/XmlSerializer.cs
+++ b/src/libraries/System.Private.Xml/src/System/Xml/Serialization/XmlSerializer.cs
@@ -330,9 +330,6 @@ public void Serialize(Stream stream, object? o)
 [RequiresUnreferencedCode(TrimSerializationWarning)]
 public void Serialize(Stream stream, object? o, XmlSerializerNamespaces? namespaces)
 {
- //XmlTextWriter xmlWriter = new XmlTextWriter(stream, null);
- //xmlWriter.Formatting = Formatting.Indented;
- //xmlWriter.Indentation = 2;
 XmlWriter xmlWriter = XmlWriter.Create(stream, new XmlWriterSettings() { CheckCharacters = true, IndentChars = " ", Indent = true });
 Serialize(xmlWriter, o, namespaces);
 }
From a10731a43a8ab51f022686ddad2970c85e5a9e5b Mon Sep 17 00:00:00 2001
From: Steve Molloy
Date: Sun, 11 Jul 2021 02:41:41 -0700
Subject: [PATCH 5/6] Update src/libraries/System.Private.Xml/src/System/Xml/Serialization/XmlSerializer.cs
Co-authored-by: Stephen Toub
---
 .../src/System/Xml/Serialization/XmlSerializer.cs | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/src/libraries/System.Private.Xml/src/System/Xml/Serialization/XmlSerializer.cs b/src/libraries/System.Private.Xml/src/System/Xml/Serialization/XmlSerializer.cs
index 9a0aad6282586b..841522171b8283 100644
--- a/src/libraries/System.Private.Xml/src/System/Xml/Serialization/XmlSerializer.cs
+++ b/src/libraries/System.Private.Xml/src/System/Xml/Serialization/XmlSerializer.cs
@@ -417,10 +417,6 @@ private XmlMapping GetMapping()
 [RequiresUnreferencedCode(TrimDeserializationWarning)]
 public object? Deserialize(Stream stream)
 {
- //XmlTextReader xmlReader = new XmlTextReader(stream);
- //xmlReader.WhitespaceHandling = WhitespaceHandling.Significant;
- //xmlReader.Normalization = true;
- //xmlReader.XmlResolver = null;
 XmlReader xmlReader = XmlReader.Create(stream, new XmlReaderSettings() { IgnoreWhitespace = true });
 return Deserialize(xmlReader, null);
 }
From 0c0f2b26b5f6da79862e411507d5418ea08bb68d Mon Sep 17 00:00:00 2001
From: Steve Molloy
Date: Tue, 13 Jul 2021 00:56:56 -0700
Subject: [PATCH 6/6] Don't need to specify options that are defaults on XmlWriter.
---
 .../src/System/Xml/Serialization/XmlSerializer.cs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/libraries/System.Private.Xml/src/System/Xml/Serialization/XmlSerializer.cs b/src/libraries/System.Private.Xml/src/System/Xml/Serialization/XmlSerializer.cs
index 841522171b8283..f0310fa2abb5e8 100644
--- a/src/libraries/System.Private.Xml/src/System/Xml/Serialization/XmlSerializer.cs
+++ b/src/libraries/System.Private.Xml/src/System/Xml/Serialization/XmlSerializer.cs
@@ -317,7 +317,7 @@ public void Serialize(TextWriter textWriter, object? o)
 [RequiresUnreferencedCode(TrimSerializationWarning)]
 public void Serialize(TextWriter textWriter, object? o, XmlSerializerNamespaces? namespaces)
 {
- XmlWriter xmlWriter = XmlWriter.Create(textWriter, new XmlWriterSettings() { CheckCharacters = true, IndentChars = " ", Indent = true });
+ XmlWriter xmlWriter = XmlWriter.Create(textWriter, new XmlWriterSettings() { Indent = true });
 Serialize(xmlWriter, o, namespaces);
 }
@@ -330,7 +330,7 @@ public void Serialize(Stream stream, object? o)
 [RequiresUnreferencedCode(TrimSerializationWarning)]
 public void Serialize(Stream stream, object? o, XmlSerializerNamespaces? namespaces)
 {
- XmlWriter xmlWriter = XmlWriter.Create(stream, new XmlWriterSettings() { CheckCharacters = true, IndentChars = " ", Indent = true });
+ XmlWriter xmlWriter = XmlWriter.Create(stream, new XmlWriterSettings() { Indent = true });
 Serialize(xmlWriter, o, namespaces);
 }
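Review bot: Dropping `CheckCharacters = true` from both `XmlWriter.Create` calls (the hunk at -317 and the one at -330) leaves the fix from the first patch of this series resting silently on the `XmlWriterSettings` default. Behaviour is unchanged, but nothing at the call site now says that character checking is the reason `XmlWriter.Create` replaced `XmlTextWriter`, so a later refactor could undo it unnoticed. Either keep the property or add a comment above each call, e.g. `// XmlWriterSettings.CheckCharacters defaults to true; this is what rejects '\0' and other invalid XML characters.`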