You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tapestry.apache.org by "Volker Lamp (JIRA)" <ji...@apache.org> on 2015/08/11 11:05:45 UTC
[jira] [Commented] (TAP5-2436) Dont throw an
IllgealArgumentException on illegal chars in the url
[ https://issues.apache.org/jira/browse/TAP5-2436?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14681480#comment-14681480 ]
Volker Lamp commented on TAP5-2436:
-----------------------------------
I agree. A Bad Request response would be correct and useful at the same time.
This would probably be a good way to deal with another thing I see happen in production occasionally: attempts to submit the login form without the formdata parameter.
> Dont throw an IllgealArgumentException on illegal chars in the url
> ------------------------------------------------------------------
>
> Key: TAP5-2436
> URL: https://issues.apache.org/jira/browse/TAP5-2436
> Project: Tapestry 5
> Issue Type: Improvement
> Components: tapestry-core
> Affects Versions: 5.4
> Reporter: quurks
>
> A few days ago some tool tried to find vulnerabilites by checking urls like /pageid=99999' . This lead to dozens of exception reports like
> Exception type: java.lang.IllegalArgumentException
> Message: Input string 'pageid=99999'' is not valid; the character '=' at position 7 is not valid.
> This should either be a custom exception type, so it can be handled without parsing the IllegalArgumentException message or it should be a 400 - Bad request, which would also allow for a custom error page.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)