HTML form submission to servlets, with cocoon

[Mala Ramakrishnan <ma...@speedtrak.com>]

Hi,

I can't find an answer to this in the archives, please respond if you
know how I can do this:

I have a functional URLProducer that I use whenever I need to redirect a
servlet's response to cocoon. I now have a form that I use to submit
certain parameters to a servlet, the servlet in turn returns an xml file
which I need to format using xsl by directing it to cocoon. Here's what
I used, it doesn't work:

In the "action" attribute of the form I passed
action="http://kojak.speedtrak.com:8080/dummy.xml?producer=URLProducer&xmlSource=http://kojak.speedtrak.com:8900/servlet/routerservlet"

Instead of appending the input parameters with a ? following
routerservlet, the part after dummy.xml gets stripped off. So, my
arguments from the form never get sent to the routerservlet.

On using just plain 
action="http://kojak.speedtrak.com:8900/servlet/routerservlet", the
parameters obviously get submitted to the routerservlet but the output
xml of the routerservlet do not get redirected to cocoon.

Is there an obvious solution that I am not considering? Please respond
if you have the solution.

Thanks,

Mala
--

Re: HTML form submission to servlets, with cocoon

[Mala Ramakrishnan <ma...@speedtrak.com>]

Seems a little unnecessary to me. I could send just the name of the
servlet and not the entire link as an argument to xmlSource and make my
producer look for that servlet on just my server. If I can't find that
servlet, I can generate an error message. That way, nobody can use their
servlet with any disastrous xml. The only possibility of breaking this
would be for them to write their own producer and send it as an argument
to my cocoon - which is not possible as they will have to change the
CLASSPATH of my cocoon installation to pick up their producer.

Mala
--
Donald Ball wrote:
> 
> On Sun, 19 Nov 2000, Mala Ramakrishnan wrote:
> 
> > Thanks, I never thought of that aspect of it as my application is going
> > to be used internally. I guess I should be more careful.
> >
> > I am not sure I understand the alternative - how do I get cocoon to call
> > my code instead?
> 
> move whatever's in your doGet or doPost servlet method into an external
> library. call that library method from an xsp page.
> 
> - donald
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: cocoon-users-unsubscribe@xml.apache.org
> For additional commands, e-mail: cocoon-users-help@xml.apache.org

--

Re: HTML form submission to servlets, with cocoon

[Donald Ball <ba...@webslingerZ.com>]

On Sun, 19 Nov 2000, Mala Ramakrishnan wrote:

> Thanks, I never thought of that aspect of it as my application is going
> to be used internally. I guess I should be more careful. 
> 
> I am not sure I understand the alternative - how do I get cocoon to call
> my code instead?

move whatever's in your doGet or doPost servlet method into an external
library. call that library method from an xsp page.

- donald

Re: HTML form submission to servlets, with cocoon

[Mala Ramakrishnan <ma...@speedtrak.com>]

Donald,

Thanks, I never thought of that aspect of it as my application is going
to be used internally. I guess I should be more careful. 

I am not sure I understand the alternative - how do I get cocoon to call
my code instead?

Mala
--

Donald Ball wrote:
> 
> On Sun, 19 Nov 2000, Mala Ramakrishnan wrote:
> 
> > Hi,
> >
> > I can't find an answer to this in the archives, please respond if you
> > know how I can do this:
> >
> > I have a functional URLProducer that I use whenever I need to redirect a
> > servlet's response to cocoon. I now have a form that I use to submit
> > certain parameters to a servlet, the servlet in turn returns an xml file
> > which I need to format using xsl by directing it to cocoon. Here's what
> > I used, it doesn't work:
> >
> > In the "action" attribute of the form I passed
> > action="http://kojak.speedtrak.com:8080/dummy.xml?producer=URLProducer&xmlSource=http://kojak.speedtrak.com:8900/servlet/routerservlet"
> 
> this is so dangerous, it's not even funny. if the XML produced from a
> hostile external URL contains an xsp processing instruction, users of your
> system can execute arbitrary java code on your system.
> 
> have cocoon call your code instead.
> 
> - donald
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: cocoon-users-unsubscribe@xml.apache.org
> For additional commands, e-mail: cocoon-users-help@xml.apache.org

--

Re: HTML form submission to servlets, with cocoon

[Donald Ball <ba...@webslingerZ.com>]

On Sun, 19 Nov 2000, Mala Ramakrishnan wrote:

> Hi,
> 
> I can't find an answer to this in the archives, please respond if you
> know how I can do this:
> 
> I have a functional URLProducer that I use whenever I need to redirect a
> servlet's response to cocoon. I now have a form that I use to submit
> certain parameters to a servlet, the servlet in turn returns an xml file
> which I need to format using xsl by directing it to cocoon. Here's what
> I used, it doesn't work:
> 
> In the "action" attribute of the form I passed
> action="http://kojak.speedtrak.com:8080/dummy.xml?producer=URLProducer&xmlSource=http://kojak.speedtrak.com:8900/servlet/routerservlet"

this is so dangerous, it's not even funny. if the XML produced from a
hostile external URL contains an xsp processing instruction, users of your
system can execute arbitrary java code on your system.

have cocoon call your code instead.

- donald