Merge pull request #10768 from dotnet/main

dotnet-policy-service[bot] · web-flow · commit 0faaaafeaf88 · 2024-12-17T14:02:15.000Z
Merge main into live
diff --git a/includes/untrusted-data-class-note.md b/includes/untrusted-data-class-note.md
@@ -1,2 +1,2 @@
 > [!IMPORTANT]
-> Calling methods from this class with untrusted data is a security risk. Call the methods from this class only with trusted data. For more information, see [Validate All Inputs](https://owasp.org/www-project-proactive-controls/v3/en/c5-validate-inputs).
+> Calling methods from this class with untrusted data is a security risk. Call the methods from this class only with trusted data. For more information, see [Validate All Inputs](https://top10proactive.owasp.org/archive/2024/the-top-10/c3-validate-input-and-handle-exceptions/).
diff --git a/includes/untrusted-data-instance-note.md b/includes/untrusted-data-instance-note.md
@@ -1,2 +1,2 @@
 > [!IMPORTANT]
-> Using an instance of this object with untrusted data is a security risk. Use this object only with trusted data. For more information, see [Validate All Inputs](https://owasp.org/www-project-proactive-controls/v3/en/c5-validate-inputs).
+> Using an instance of this object with untrusted data is a security risk. Use this object only with trusted data. For more information, see [Validate All Inputs](https://top10proactive.owasp.org/archive/2024/the-top-10/c3-validate-input-and-handle-exceptions/).
diff --git a/includes/untrusted-data-interface-note.md b/includes/untrusted-data-interface-note.md
@@ -1,2 +1,2 @@
 > [!IMPORTANT]
-> Calling methods from classes that implement this interface with untrusted data is a security risk. Call the methods from classes that implement this interface only with trusted data. For more information, see [Validate All Inputs](https://owasp.org/www-project-proactive-controls/v3/en/c5-validate-inputs).
+> Calling methods from classes that implement this interface with untrusted data is a security risk. Call the methods from classes that implement this interface only with trusted data. For more information, see [Validate All Inputs](https://top10proactive.owasp.org/archive/2024/the-top-10/c3-validate-input-and-handle-exceptions/).
diff --git a/includes/untrusted-data-method-note.md b/includes/untrusted-data-method-note.md
@@ -1,2 +1,2 @@
 > [!IMPORTANT]
-> Calling this method with untrusted data is a security risk. Call this method only with trusted data. For more information, see [Validate All Inputs](https://owasp.org/www-project-proactive-controls/v3/en/c5-validate-inputs).
+> Calling this method with untrusted data is a security risk. Call this method only with trusted data. For more information, see [Validate All Inputs](https://top10proactive.owasp.org/archive/2024/the-top-10/c3-validate-input-and-handle-exceptions/).
diff --git a/xml/System.Runtime.Remoting.Channels/BinaryClientFormatterSink.xml b/xml/System.Runtime.Remoting.Channels/BinaryClientFormatterSink.xml
@@ -41,7 +41,7 @@
 |`includeVersions`|Specifies whether the formatter will include versioning information. Values are `true` or `false`.|
 
 > [!IMPORTANT]
->  Using an instance of this object with untrusted data or across an unsecure channel is a security risk. Use this object only with trusted data and across a secure channel. For more information, see [Validate All Inputs](https://owasp.org/www-project-proactive-controls/v3/en/c5-validate-inputs).
+>  Using an instance of this object with untrusted data or across an unsecure channel is a security risk. Use this object only with trusted data and across a secure channel. For more information, see [Validate All Inputs](https://top10proactive.owasp.org/archive/2024/the-top-10/c3-validate-input-and-handle-exceptions/).
 
  ]]></format>
     </remarks>
diff --git a/xml/System.Runtime.Remoting.Channels/BinaryClientFormatterSinkProvider.xml b/xml/System.Runtime.Remoting.Channels/BinaryClientFormatterSinkProvider.xml
@@ -41,7 +41,7 @@
 |`includeVersions`|Specifies whether the formatter will include versioning information. Values are `true` or `false`.|
 
 > [!IMPORTANT]
->  Using an instance of this object with untrusted data or across an unsecure channel is a security risk. Use this object only with trusted data and across a secure channel. For more information, see [Validate All Inputs](https://owasp.org/www-project-proactive-controls/v3/en/c5-validate-inputs).
+>  Using an instance of this object with untrusted data or across an unsecure channel is a security risk. Use this object only with trusted data and across a secure channel. For more information, see [Validate All Inputs](https://top10proactive.owasp.org/archive/2024/the-top-10/c3-validate-input-and-handle-exceptions/).
 
  ]]></format>
     </remarks>
diff --git a/xml/System.Runtime.Remoting.Channels/BinaryServerFormatterSink.xml b/xml/System.Runtime.Remoting.Channels/BinaryServerFormatterSink.xml
@@ -39,7 +39,7 @@
 |`typeFilterLevel`|A string value that specifies the level of automatic deserialization that a server channel attempts. Supported values are `Low` (the default) and `Full`. For details about deserialization levels, see [Automatic Deserialization in .NET Framework Remoting](https://learn.microsoft.com/previous-versions/dotnet/netframework-4.0/5dxse167(v=vs.100)).<br /><br /> This property is supported only by the .NET Framework version 1.1 on the following platforms: Windows 98, Windows NT 4.0, Windows Millennium Edition, Windows 2000, Windows XP Home Edition, Windows XP Professional, and Windows Server 2003 family.|
 
 > [!IMPORTANT]
->  Using an instance of this object with untrusted data or across an unsecure channel is a security risk. Use this object only with trusted data and across a secure channel. For more information, see [Validate All Inputs](https://owasp.org/www-project-proactive-controls/v3/en/c5-validate-inputs).
+>  Using an instance of this object with untrusted data or across an unsecure channel is a security risk. Use this object only with trusted data and across a secure channel. For more information, see [Validate All Inputs](https://top10proactive.owasp.org/archive/2024/the-top-10/c3-validate-input-and-handle-exceptions/).
 
  ]]></format>
     </remarks>
diff --git a/xml/System.Runtime.Remoting.Channels/BinaryServerFormatterSinkProvider.xml b/xml/System.Runtime.Remoting.Channels/BinaryServerFormatterSinkProvider.xml
@@ -43,7 +43,7 @@
 |`includeVersions`|Specifies whether the formatter will include versioning information. Values are `true` or `false`.|
 
 > [!IMPORTANT]
->  Using an instance of this object with untrusted data or across an unsecure channel is a security risk. Use this object only with trusted data and across a secure channel. For more information, see [Validate All Inputs](https://owasp.org/www-project-proactive-controls/v3/en/c5-validate-inputs).
+>  Using an instance of this object with untrusted data or across an unsecure channel is a security risk. Use this object only with trusted data and across a secure channel. For more information, see [Validate All Inputs](https://top10proactive.owasp.org/archive/2024/the-top-10/c3-validate-input-and-handle-exceptions/).
 
  ]]></format>
     </remarks>
diff --git a/xml/System.Runtime.Remoting.Channels/SoapClientFormatterSink.xml b/xml/System.Runtime.Remoting.Channels/SoapClientFormatterSink.xml
@@ -41,7 +41,7 @@
 |`includeVersions`|Specifies whether the formatter will include versioning information. Values are `true` or `false`.|
 
 > [!IMPORTANT]
->  Using an instance of this object with untrusted data or across an unsecure channel is a security risk. Use this object only with trusted data and across a secure channel. For more information, see [Validate All Inputs](https://owasp.org/www-project-proactive-controls/v3/en/c5-validate-inputs).
+>  Using an instance of this object with untrusted data or across an unsecure channel is a security risk. Use this object only with trusted data and across a secure channel. For more information, see [Validate All Inputs](https://top10proactive.owasp.org/archive/2024/the-top-10/c3-validate-input-and-handle-exceptions/).
 
  ]]></format>
     </remarks>
diff --git a/xml/System.Runtime.Remoting.Channels/SoapClientFormatterSinkProvider.xml b/xml/System.Runtime.Remoting.Channels/SoapClientFormatterSinkProvider.xml
@@ -41,7 +41,7 @@
 |`includeVersions`|Specifies whether the formatter will include versioning information. Values are `true` or `false`.|
 
 > [!IMPORTANT]
->  Using an instance of this object with untrusted data or across an unsecure channel is a security risk. Use this object only with trusted data and across a secure channel. For more information, see [Validate All Inputs](https://owasp.org/www-project-proactive-controls/v3/en/c5-validate-inputs).
+>  Using an instance of this object with untrusted data or across an unsecure channel is a security risk. Use this object only with trusted data and across a secure channel. For more information, see [Validate All Inputs](https://top10proactive.owasp.org/archive/2024/the-top-10/c3-validate-input-and-handle-exceptions/).
 
  ]]></format>
     </remarks>
diff --git a/xml/System.Runtime.Remoting.Channels/SoapServerFormatterSink.xml b/xml/System.Runtime.Remoting.Channels/SoapServerFormatterSink.xml
@@ -37,7 +37,7 @@
 |`typeFilterLevel`|A string value specifying the level of automatic deserialization a server channel attempts. Supported values are `Low` (the default) and `Full`. For details about deserialization levels, see [Automatic Deserialization in .NET Framework Remoting](https://learn.microsoft.com/previous-versions/dotnet/netframework-4.0/5dxse167(v=vs.100)).<br /><br /> This property is supported only by the .NET Framework version 1.1 on the following platforms: Windows 98, Windows NT 4.0, Windows Millennium Edition, Windows 2000, Windows XP Home Edition, Windows XP Professional, and Windows Server 2003 family.|
 
 > [!IMPORTANT]
->  Using an instance of this object with untrusted data or across an unsecure channel is a security risk. Use this object only with trusted data and across a secure channel. For more information, see [Validate All Inputs](https://owasp.org/www-project-proactive-controls/v3/en/c5-validate-inputs).
+>  Using an instance of this object with untrusted data or across an unsecure channel is a security risk. Use this object only with trusted data and across a secure channel. For more information, see [Validate All Inputs](https://top10proactive.owasp.org/archive/2024/the-top-10/c3-validate-input-and-handle-exceptions/).
 
  ]]></format>
     </remarks>
diff --git a/xml/System.Runtime.Remoting.Channels/SoapServerFormatterSinkProvider.xml b/xml/System.Runtime.Remoting.Channels/SoapServerFormatterSinkProvider.xml
@@ -43,7 +43,7 @@
 |`includeVersions`|Specifies whether the formatter will include versioning information. Values are `true` or `false`.|
 
 > [!IMPORTANT]
->  Using an instance of this object with untrusted data or across an unsecure channel is a security risk. Use this object only with trusted data and across a secure channel. For more information, see [Validate All Inputs](https://owasp.org/www-project-proactive-controls/v3/en/c5-validate-inputs).
+>  Using an instance of this object with untrusted data or across an unsecure channel is a security risk. Use this object only with trusted data and across a secure channel. For more information, see [Validate All Inputs](https://top10proactive.owasp.org/archive/2024/the-top-10/c3-validate-input-and-handle-exceptions/).
 
  ]]></format>
     </remarks>
diff --git a/xml/System.Web.Script.Serialization/JavaScriptSerializer.xml b/xml/System.Web.Script.Serialization/JavaScriptSerializer.xml
@@ -145,7 +145,7 @@ To serialize an object, use the <xref:System.Web.Script.Serialization.JavaScript
  The instance of <xref:System.Web.Script.Serialization.JavaScriptSerializer> that is used by the asynchronous communication layer for invoking Web services from client script uses a special type resolver. This type resolver restricts the types that can be deserialized to those defined in the Web service's method signature, or the ones that have the <xref:System.Web.Script.Services.GenerateScriptTypeAttribute> applied. You cannot modify this built-in type resolver programmatically.  
   
 > [!IMPORTANT]
->  Using an instance of this object initialized with a custom type-resolver can present a security risk. Use this object only with trusted data. For more information, see [Validate All Inputs](https://owasp.org/www-project-proactive-controls/v3/en/c5-validate-inputs).  
+>  Using an instance of this object initialized with a custom type-resolver can present a security risk. Use this object only with trusted data. For more information, see [Validate All Inputs](https://top10proactive.owasp.org/archive/2024/the-top-10/c3-validate-input-and-handle-exceptions/).  
   
  ]]></format>
         </remarks>
diff --git a/xml/System/EventHandler.xml b/xml/System/EventHandler.xml
@@ -78,32 +78,22 @@
       <format type="text/markdown"><![CDATA[
 
 ## Remarks
- The event model in the .NET Framework is based on having an event delegate that connects an event with its handler. To raise an event, two elements are needed:
 
--   A delegate that identifies the method that provides the response to the event.
+The event model in .NET is based on having an event delegate that connects an event with its handler. To raise an event, two elements are needed:
 
--   Optionally, a class that holds the event data, if the event provides data.
+- A delegate that identifies the method that provides the response to the event.
+- Optionally, a class that holds the event data, if the event provides data.
 
  The delegate is a type that defines a signature, that is, the return value type and parameter list types for a method. You can use the delegate type to declare a variable that can refer to any method with the same signature as the delegate.
 
  The standard signature of an event handler delegate defines a method that does not return a value. This method's first parameter is of type <xref:System.Object> and refers to the instance that raises the event. Its second parameter is derived from type <xref:System.EventArgs> and holds the event data. If the event does not generate event data, the second parameter is simply the value of the <xref:System.EventArgs.Empty?displayProperty=nameWithType> field. Otherwise, the second parameter is a type derived from <xref:System.EventArgs> and supplies any fields or properties needed to hold the event data.
 
- The <xref:System.EventHandler> delegate is a predefined delegate that specifically represents an event handler method for an event that does not generate data. If your event does generate data, you must use the generic <xref:System.EventHandler%601> delegate class.
+ The <xref:System.EventHandler> delegate is a predefined delegate that specifically represents an event handler method for an event that does not generate data. If your event does generate data, you must use the generic <xref:System.EventHandler`1> delegate class.
 
  To associate the event with the method that will handle the event, add an instance of the delegate to the event. The event handler is called whenever the event occurs, unless you remove the delegate.
 
  For more information about event handler delegates, see [Handling and Raising Events](/dotnet/standard/events/).
 
-
-
-## Examples
- The following example shows an event named `ThresholdReached` that is associated with an <xref:System.EventHandler> delegate. The method assigned to the <xref:System.EventHandler> delegate is called in the `OnThresholdReached` method.
-
- :::code language="cpp" source="~/snippets/cpp/VS_Snippets_CLR/eventsoverview/cpp/programwithdata.cpp" id="Snippet6":::
- :::code language="csharp" source="~/snippets/csharp/System/EventArgs/Overview/programwithdata.cs" id="Snippet6":::
- :::code language="fsharp" source="~/snippets/fsharp/System/EventArgs/Overview/programwithdata.fs" id="Snippet6":::
- :::code language="vb" source="~/snippets/visualbasic/VS_Snippets_CLR/eventsoverview/vb/module1withdata.vb" id="Snippet6":::
-
  ]]></format>
     </remarks>
     <altmember cref="T:System.EventHandler`1" />
@@ -114,6 +104,5 @@
     <related type="Article" href="/dotnet/visual-basic/programming-guide/language-features/events/">Events (Visual Basic)</related>
     <related type="Article" href="/dotnet/csharp/programming-guide/events/">Events (C# Programming Guide)</related>
     <related type="Article" href="/dotnet/fsharp/language-reference/members/events/">Events (F#)</related>
-    <related type="Article" href="https://learn.microsoft.com/previous-versions/windows/apps/hh758286(v=win.10)">Events and routed events overview (Windows store apps)</related>
   </Docs>
 </Type>
diff --git a/xml/System/EventHandler`1.xml b/xml/System/EventHandler`1.xml
@@ -88,26 +88,25 @@
       <format type="text/markdown"><![CDATA[
 
 ## Remarks
- The event model in the .NET Framework is based on having an event delegate that connects an event with its handler. To raise an event, two elements are needed:
 
--   A delegate that refers to a method that provides the response to the event.
+The event model in .NET is based on having an event delegate that connects an event with its handler. To raise an event, two elements are needed:
 
--   Optionally, a class that holds the event data, if the event provides data.
+- A delegate that refers to a method that provides the response to the event.
+- Optionally, a class that holds the event data, if the event provides data.
 
  The delegate is a type that defines a signature, that is, the return value type and parameter list types for a method. You can use the delegate type to declare a variable that can refer to any method with the same signature as the delegate.
 
  The standard signature of an event handler delegate defines a method that does not return a value. This method's first parameter is of type <xref:System.Object> and refers to the instance that raises the event. Its second parameter is derived from type <xref:System.EventArgs> and holds the event data. If the event does not generate event data, the second parameter is simply the value of the <xref:System.EventArgs.Empty?displayProperty=nameWithType> field. Otherwise, the second parameter is a type derived from <xref:System.EventArgs> and supplies any fields or properties needed to hold the event data.
 
- The <xref:System.EventHandler%601> delegate is a predefined delegate that represents an event handler method for an event that generates data. The advantage of using <xref:System.EventHandler%601> is that you do not need to code your own custom delegate if your event generates event data. You simply provide the type of the event data object as the generic parameter.
+ The <xref:System.EventHandler`1> delegate is a predefined delegate that represents an event handler method for an event that generates data. The advantage of using <xref:System.EventHandler`1> is that you don't need to code your own custom delegate if your event generates event data. You simply provide the type of the event data object as the generic parameter.
 
  To associate the event with the method that will handle the event, add an instance of the delegate to the event. The event handler is called whenever the event occurs, unless you remove the delegate.
 
  For more information about event handler delegates, see [Handling and Raising Events](/dotnet/standard/events/).
 
-
-
 ## Examples
- The following example shows an event named `ThresholdReached`. The event is associated with an <xref:System.EventHandler%601> delegate.
+
+The following example shows an event named `ThresholdReached`. The event is associated with an <xref:System.EventHandler`1> delegate.
 
  :::code language="cpp" source="~/snippets/cpp/VS_Snippets_CLR/eventsoverview/cpp/programwithdata.cpp" id="Snippet6":::
  :::code language="csharp" source="~/snippets/csharp/System/EventArgs/Overview/programwithdata.cs" id="Snippet6":::
@@ -125,6 +124,5 @@
     <related type="Article" href="/dotnet/visual-basic/programming-guide/language-features/events/">Events (Visual Basic)</related>
     <related type="Article" href="/dotnet/csharp/programming-guide/events/">Events (C# Programming Guide)</related>
     <related type="Article" href="/dotnet/fsharp/language-reference/members/events/">Events (F#)</related>
-    <related type="Article" href="https://learn.microsoft.com/previous-versions/windows/apps/hh758286(v=win.10)">Events and routed events overview (Windows store apps)</related>
   </Docs>
 </Type>
diff --git a/xml/ns-System.Data.SqlClient.xml b/xml/ns-System.Data.SqlClient.xml
@@ -4,11 +4,15 @@
     <remarks>
       <format type="text/markdown"><![CDATA[  
   
-## Remarks  
- The .NET Data Provider for SQL Server describes a collection of classes used to access a SQL Server database in the managed space. Using the <xref:System.Data.SqlClient.SqlDataAdapter>, you can fill a memory-resident <xref:System.Data.DataSet> that you can use to query and update the database.  
+## Remarks
+
+> [!NOTE]
+> The <xref:System.Data.SqlClient> APIs are deprecated. For new development, use the <xref:Microsoft.Data.SqlClient> APIs.
+
+The .NET Data Provider for SQL Server describes a collection of classes used to access a SQL Server database in the managed space. Using the <xref:System.Data.SqlClient.SqlDataAdapter>, you can fill a memory-resident <xref:System.Data.DataSet> that you can use to query and update the database.  
   
 > [!NOTE]
->  For conceptual information about using this namespace when programming with .NET, see [SQL Server and ADO.NET](/dotnet/framework/data/adonet/sql/).  
+> For conceptual information about using this namespace when programming with .NET, see [SQL Server and ADO.NET](/dotnet/framework/data/adonet/sql/).  
   
  ]]></format>
     </remarks>

Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,2 @@`
`1`	`1`	`> [!IMPORTANT]`
`2`		`-> Calling methods from this class with untrusted data is a security risk. Call the methods from this class only with trusted data. For more information, see [Validate All Inputs](https://owasp.org/www-project-proactive-controls/v3/en/c5-validate-inputs).`
	`2`	`+> Calling methods from this class with untrusted data is a security risk. Call the methods from this class only with trusted data. For more information, see [Validate All Inputs](https://top10proactive.owasp.org/archive/2024/the-top-10/c3-validate-input-and-handle-exceptions/).`
Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,2 @@`
`1`	`1`	`> [!IMPORTANT]`
`2`		`-> Using an instance of this object with untrusted data is a security risk. Use this object only with trusted data. For more information, see [Validate All Inputs](https://owasp.org/www-project-proactive-controls/v3/en/c5-validate-inputs).`
	`2`	`+> Using an instance of this object with untrusted data is a security risk. Use this object only with trusted data. For more information, see [Validate All Inputs](https://top10proactive.owasp.org/archive/2024/the-top-10/c3-validate-input-and-handle-exceptions/).`
Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,2 @@`
`1`	`1`	`> [!IMPORTANT]`
`2`		`-> Calling methods from classes that implement this interface with untrusted data is a security risk. Call the methods from classes that implement this interface only with trusted data. For more information, see [Validate All Inputs](https://owasp.org/www-project-proactive-controls/v3/en/c5-validate-inputs).`
	`2`	`+> Calling methods from classes that implement this interface with untrusted data is a security risk. Call the methods from classes that implement this interface only with trusted data. For more information, see [Validate All Inputs](https://top10proactive.owasp.org/archive/2024/the-top-10/c3-validate-input-and-handle-exceptions/).`
Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,2 @@`
`1`	`1`	`> [!IMPORTANT]`
`2`		`-> Calling this method with untrusted data is a security risk. Call this method only with trusted data. For more information, see [Validate All Inputs](https://owasp.org/www-project-proactive-controls/v3/en/c5-validate-inputs).`
	`2`	`+> Calling this method with untrusted data is a security risk. Call this method only with trusted data. For more information, see [Validate All Inputs](https://top10proactive.owasp.org/archive/2024/the-top-10/c3-validate-input-and-handle-exceptions/).`