encode special character

giang nguyen
Ranch Hand

Joined: May 13, 2003
Posts: 42
The Web Agent in which we deploy our application will refuse URL requests that contain any of the characters or strings of characters identified in the agent configuration. By default, the Web Agent rejects URL requests that include the following character sequences: //, ./, /., /*, *., ~, \, %00-%1f, %7f-%ff, %25, %25U, %25u. These default characters represent potential security exploits and will be blocked at the web server.
Cross-Site Scripting
When CSS Checking is enabled, a Web Agent will scan a full URL (including the query string) for the presence of escaped and unescaped versions of the following default character set: left and right angle brackets (< and >), semicolon (;), single quote ('). It will log an error and refuse access when found.
So sometimes, if any of our URLs contain those characters, they will be blocked.
Can anyone give me advice on how to overcome this problem? Or provide me with an encode and decode function (can be a prototype) that can pass this.
Thanks a lot


SCJP 1.4, SCWCD
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

Obviously double-escaping won't work, but have you considered an alternate encoding to pass the data? It's a bit less intuitive, but you could Base64 encode the data then decode it back in the servlet.
Therefore you'd send &path=B891F (don't try to decode this, I just made it up) rather than &path=/dave
/Dave
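
The Base64 approach suggested above, as an added example that is not part of either post: the value is encoded with the URL-safe Base64 alphabet, then decoded and validated in the servlet, because the Web Agent only ever sees the encoded form. The class name `ParamCodec`, the sample values and the post-decode rules are assumptions chosen for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class ParamCodec {

    // URL-safe alphabet (A-Z a-z 0-9 - _) without '=' padding, so the encoded
    // value never contains '/', '+', '%' or any sequence from the agent's list.
    static String encode(String raw) {
        return Base64.getUrlEncoder().withoutPadding()
                .encodeToString(raw.getBytes(StandardCharsets.UTF_8));
    }

    // Decode in the servlet, then validate: the agent only saw the encoded
    // form, so its URL checks no longer cover this value.
    static String decode(String param) {
        byte[] bytes;
        try {
            bytes = Base64.getUrlDecoder().decode(param);
        } catch (IllegalArgumentException e) {
            throw new IllegalArgumentException("parameter is not valid Base64", e);
        }
        String value = new String(bytes, StandardCharsets.UTF_8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            // Control characters, or U+FFFD produced by malformed UTF-8 input.
            if (c < 0x20 || c == 0x7f || c == '\uFFFD') {
                throw new IllegalArgumentException("control or malformed character");
            }
        }
        // Assumed application rule for a path-like value: no traversal
        // segments and no backslashes.
        if (value.contains("..") || value.indexOf('\\') >= 0) {
            throw new IllegalArgumentException("path traversal sequence");
        }
        return value;
    }

    public static void main(String[] args) {
        String raw = "/reports/2003/<draft>;v='1'";   // constructed sample value
        String encoded = encode(raw);
        System.out.println("path=" + encoded);
        System.out.println("round trip ok: " + decode(encoded).equals(raw));
        try {
            decode(encode("/reports/../../private"));  // constructed bad input
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

A decoded value can still contain angle brackets and quotes, so escape it when writing it back into a JSP page, for example with JSTL's `<c:out>`.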
 