Remove unexpected carriage returns and line feeds from user-supplied data

ravisha andar
Hi All,

I have a servlet where I am doing
String userName="abc";
response.sendRedirect("/jsp/temp.jsp?username="+userName);

But there is a vulnerability as stated by the review team.

It says
Remove unexpected carriage returns and line feeds from user-supplied data used to construct an HTTP response.


Can anybody help me with this? What exactly can be done?

Thanks
Bear Bibeault

First of all, the data should be encoded using URLEncoder.

Secondly, stripping any unwanted characters seems like a simple matter of string substitution.


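The finding is about HTTP response splitting (header injection): the string passed to sendRedirect becomes the Location response header, so a value containing a carriage return and line feed can end that header and inject further headers, or even a second response body, into what the browser receives. With the literal "abc" in the post nothing bad happens, but the review tool flags the pattern, which becomes real the moment userName is read from a request parameter. The class below is an added example, not code from the original thread, showing Bear's two points side by side: the raw concatenation from the post, then the value percent-encoded with URLEncoder (CR and LF become %0D and %0A and can no longer terminate a header), with an explicit CR/LF strip in front of it as a belt-and-braces measure for places where the value is not percent-encoded (a cookie, a custom header, a log line). It assumes the servlet API (javax.servlet) is on the classpath for the redirectToTemp method; the main method does not need a container and exercises only the string handling. Many current containers also refuse CR/LF in header values, but the fix should not depend on that.

```java
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import javax.servlet.http.HttpServletResponse;

public class RedirectSanitizer {

    // The pattern from the post: the value is concatenated raw into the
    // redirect target, which the container writes into the Location header.
    // A CR/LF inside userName ends the header early.
    static String unsafeRedirectTarget(String userName) {
        return "/jsp/temp.jsp?username=" + userName;
    }

    // Bear's first point: percent-encode the value as a query parameter.
    // URLEncoder turns CR into %0D and LF into %0A, so the encoded value can
    // no longer break out of the header.
    static String encodeParam(String value) {
        try {
            return URLEncoder.encode(value, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is mandatory in every JVM, so this cannot happen.
            throw new IllegalStateException("UTF-8 not available", e);
        }
    }

    // Bear's second point: strip CR and LF outright before encoding, so the
    // value stays clean even if it is later used somewhere that is not
    // percent-encoded.
    static String stripCrLf(String value) {
        return value.replaceAll("[\\r\\n]", "");
    }

    // Hardened form of the redirect target: strip, then encode.
    static String safeRedirectTarget(String userName) {
        return "/jsp/temp.jsp?username=" + encodeParam(stripCrLf(userName));
    }

    // Drop-in replacement for the sendRedirect line in the original servlet
    // (assumes javax.servlet on the classpath).
    static void redirectToTemp(HttpServletResponse response, String userName)
            throws IOException {
        response.sendRedirect(safeRedirectTarget(userName));
    }

    public static void main(String[] args) {
        // Constructed attacker-style input: a CR/LF pair followed by a forged
        // response header, the shape a response-splitting payload takes.
        String hostile = "abc\r\nSet-Cookie: session=attacker";

        // Show the CR/LF visibly instead of printing a real line break.
        System.out.println("unsafe: "
                + unsafeRedirectTarget(hostile).replace("\r\n", "<CRLF>"));
        System.out.println("safe:   " + safeRedirectTarget(hostile));
    }
}
```

Run the main method to compare the two targets: the unsafe one still carries the CR/LF followed by the forged Set-Cookie header, while the safe one has the CR/LF removed and the remaining colon, space and equals sign percent-encoded, so the whole thing is a single, harmless query-string value. Encoding alone (without the strip) is already enough to satisfy the finding for this redirect; the strip is there so the same userName cannot do damage if it is reused in a context that does not go through URLEncoder.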