Remove unexpected carriage returns and line feeds from user-supplied data

ravisha andar
Ranch Hand

Joined: Feb 25, 2011
Posts: 55
Hi All,

I have a servlet where I am doing
String userName="abc";
response.sendRedirect("/jsp/temp.jsp?username="+userName);

But there is a vulnerability as stated by review team

It says
Remove unexpected carriage returns and line feeds from user-supplied data used to construct an HTTP response.


Can anybody help me with this? What exactly can be done?

Thanks
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 56554
    

First of all, the data should be encoded using URLEncoder.

Secondly, stripping any unwanted characters seems like a simple matter of string substitution.


[Smart Questions] [JSP FAQ] [Books by Bear] [Bear's FrontMan] [About Bear]
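
The two steps from the reply above (URL-encode the value, strip unwanted characters), as an added example that is not part of the original thread. The class and helper names (SafeRedirect, stripControlChars, redirectTarget, hasLineBreak) are hypothetical, the sample user name is constructed, and URLEncoder.encode(String, Charset) assumes Java 10 or later.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

public class SafeRedirect {

    // Hypothetical helper: drop CR, LF and every other control character
    // (\p{Cntrl} covers 0x00-0x1F and 0x7F) from a user-supplied value.
    static String stripControlChars(String value) {
        return value == null ? "" : value.replaceAll("\\p{Cntrl}", "");
    }

    // Hypothetical helper: build the redirect target with the parameter name
    // and the cleaned value URL-encoded, so nothing the user typed can end a
    // header line or add another query parameter.
    static String redirectTarget(String path, String param, String value) {
        String cleaned = stripControlChars(value);
        return path + "?" + URLEncoder.encode(param, StandardCharsets.UTF_8)
                + "=" + URLEncoder.encode(cleaned, StandardCharsets.UTF_8);
    }

    // True when the string still carries a raw carriage return or line feed.
    static boolean hasLineBreak(String s) {
        return s.indexOf('\r') >= 0 || s.indexOf('\n') >= 0;
    }

    public static void main(String[] args) {
        // Constructed sample input: a user name carrying a CR/LF pair.
        String userName = "abc\r\nX-Constructed: 1";

        // The pattern from the question: plain concatenation keeps the CR/LF.
        String concatenated = "/jsp/temp.jsp?username=" + userName;

        // The pattern from the reply: strip, then encode.
        String encoded = redirectTarget("/jsp/temp.jsp", "username", userName);

        System.out.println("concatenated has CR/LF: " + hasLineBreak(concatenated));
        System.out.println("encoded has CR/LF:      " + hasLineBreak(encoded));
        System.out.println("redirect target:        " + encoded);

        // In the servlet the result would be passed on unchanged:
        // response.sendRedirect(redirectTarget("/jsp/temp.jsp", "username", userName));
    }
}
```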
 