
encode special character

 
giang nguyen
Ranch Hand
Posts: 42
The Web Agent in which we deploy our application will refuse URL requests that contain any of the characters or strings of characters identified in the agent configuration. By default, the Web Agent rejects URL requests that include the following character sequences: //, ./, /., /*, *., ~, \, %00-%1f, %7f-%ff, %25, %25U, %25u. These default characters represent potential security exploits and will be blocked at the web server.
Cross-Site Scripting
When CSS Checking is enabled, a Web Agent will scan a full URL (including the query string) for the presence of escaped and unescaped versions of the following default character set: left and right angle brackets (< and > semicolon ( single quote ('). It will log an error and refuse access when found.
So sometimes, if any of our URLs contain those characters, they will be blocked.
Can anyone give me advice on how to overcome this problem? Or provide me with an encode and decode function (can be a prototype) that can pass this.
Thanks a lot
 
David O'Meara
Rancher
Posts: 13459
Obviously double-escaping won't work, but have you considered an alternate encoding to pass the data? It's a bit less intuitive, but you could Base64 encode the data then decode it back in the servlet.
Therefore you'd send &path=B891F (don't try to decode this, I just made it up) rather than &path=/dave
/Dave
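
The Base64 approach suggested in the reply above, as an added example that is not part of the original posts: URL-safe Base64 without padding keeps the parameter inside an alphabet the agent's default rules never match, and the servlet side re-applies input checks after decoding because the agent no longer sees the real value. The class name, method names and the validation policy are assumptions for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class PathParamCodec {

    // URL-safe alphabet (A-Z a-z 0-9 - _) with '=' padding stripped, so the
    // token never contains /, \, ., *, ~, %, <, > or a single quote.
    public static String encode(String raw) {
        return Base64.getUrlEncoder().withoutPadding()
                .encodeToString(raw.getBytes(StandardCharsets.UTF_8));
    }

    // Decode in the servlet, then validate: the agent only inspected the
    // opaque token, so the application must check the decoded value itself.
    public static String decodeAndValidate(String token) {
        byte[] bytes;
        try {
            bytes = Base64.getUrlDecoder().decode(token);
        } catch (IllegalArgumentException e) {
            throw new IllegalArgumentException("parameter is not URL-safe Base64", e);
        }
        String value = new String(bytes, StandardCharsets.UTF_8);

        // Assumed policy: an absolute path with no traversal, no control
        // characters, no undecodable bytes (U+FFFD) and no markup characters.
        if (!value.startsWith("/") || value.contains("..") || value.contains("//")) {
            throw new IllegalArgumentException("decoded path is not allowed");
        }
        for (char c : value.toCharArray()) {
            if (c < 0x20 || c == 0x7f || c == '\uFFFD' || "<>'\\".indexOf(c) >= 0) {
                throw new IllegalArgumentException("decoded path has a forbidden character");
            }
        }
        return value;
    }

    public static void main(String[] args) {
        String token = encode("/dave");               // sent as &path=<token>
        System.out.println("token   = " + token);
        System.out.println("decoded = " + decodeAndValidate(token));
        try {
            decodeAndValidate(encode("/a/../<script>")); // constructed bad input
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Base64 is an encoding, not encryption, so the decoded value is still untrusted user input and must be escaped on output like any other parameter.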
 