
Remove unexpected carriage returns and line feeds from user-supplied data

 
ravisha andar
Hi All,

I have a servlet where I am doing
String userName="abc";
response.sendRedirect("/jsp/temp.jsp?username="+userName);

But there is a vulnerability as stated by review team

It says
Remove unexpected carriage returns and line feeds from user-supplied data used to construct an HTTP response.


Can anybody help me with this? What exactly can be done?

Thanks
 
Bear Bibeault
First of all, the data should be encoded using URLEncoder.

Secondly, stripping any unwanted characters seems like a simple matter of string substitution.
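
The two steps suggested above, combined into one helper, as an added example that is not part of the original posts. The class and method names are hypothetical, the sample value is constructed, and `URLEncoder.encode(String, Charset)` assumes Java 10 or later.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

public class SafeRedirectExample {

    // Drop raw CR and LF so the value can never end a header line early.
    static String stripCrLf(String value) {
        return value == null ? "" : value.replaceAll("[\\r\\n]", "");
    }

    // Build the redirect target: strip CR/LF first, then percent-encode the
    // value so it stays inside the single query-string parameter.
    static String buildRedirect(String path, String param, String value) {
        String clean = stripCrLf(value);
        return path + "?" + param + "="
                + URLEncoder.encode(clean, StandardCharsets.UTF_8);
    }

    // True if the string still carries a raw carriage return or line feed.
    static boolean hasCrLf(String s) {
        return s.indexOf('\r') >= 0 || s.indexOf('\n') >= 0;
    }

    public static void main(String[] args) {
        // Constructed sample input: a value containing CR/LF and header-like text.
        String userName = "abc\r\nX-Constructed-Header: 1";

        // The pattern from the question: the value is concatenated unchanged.
        String unsafe = "/jsp/temp.jsp?username=" + userName;
        // The same target built through the helper.
        String safe = buildRedirect("/jsp/temp.jsp", "username", userName);

        System.out.println("unsafe has CR/LF: " + hasCrLf(unsafe));
        System.out.println("safe has CR/LF:   " + hasCrLf(safe));
        System.out.println("safe target:      " + safe);
        // In the servlet the call becomes: response.sendRedirect(safe);
    }
}
```

Encoding alone already turns CR and LF into `%0D` and `%0A`; the explicit strip removes them from the value entirely, which is what the review finding asks for.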
 