tapestry-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "quurks (JIRA)" <j...@apache.org>
Subject [jira] [Created] (TAP5-2436) Dont throw an IllgealArgumentException on illegal chars in the url
Date Sat, 03 Jan 2015 16:43:35 GMT
quurks created TAP5-2436:
----------------------------

             Summary: Dont throw an IllgealArgumentException on illegal chars in the url
                 Key: TAP5-2436
                 URL: https://issues.apache.org/jira/browse/TAP5-2436
             Project: Tapestry 5
          Issue Type: Improvement
          Components: tapestry-core
    Affects Versions: 5.4
            Reporter: quurks


A few days ago some tool tried to find vulnerabilites by checking urls like /pageid=99999'
. This lead to dozens of exception reports like 

Exception type: java.lang.IllegalArgumentException
Message: Input string 'pageid=99999'' is not valid; the character '=' at position 7 is not
valid.

This should either be a custom exception type, so it can be handled without parsing the IllegalArgumentException
message or it should be a 400 - Bad request, which would also allow for a custom error page.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message