>You don't have to escape arguments, for example, below shouldn't crash on any version of .NET .
>We you perhaps instead passing user input as the format string instead? That you will have to escape. Oops! Sorry, you're right, I had it backwards. The format string contains "{Intention}" not the argument. >http://geekswithblogs.net/jonasb/archive/2007/03/05/108023.aspx This is a well known answer, my puzzle is one of scope of the problem. There are so many string.Formats in my code (thousands scattered over dozens of solutions) that I can't find an elegant way of globally intercepting the problem at the different levels from the UI all the way down to the lowest back end. It's not even trivial to identify which of my Format calls are at risk of the braces crash. Finding them would be like performing a security audit. I think we all have string formatting time-bombs in our code. Greg