You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@struts.apache.org by "Ralf Hauser (JIRA)" <ji...@apache.org> on 2007/10/01 13:26:36 UTC

[jira] Commented: (STR-1984) warn that maxlength validator only active after physical upload (unfortunately not "fast-fail")

    [ https://issues.apache.org/struts/browse/STR-1984?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_42313 ] 

Ralf Hauser commented on STR-1984:
----------------------------------

now also "27143" as a clickable link:  http://issues.apache.org/bugzilla/show_bug.cgi?id=27143

see also http://issues.apache.org/bugzilla/show_bug.cgi?id=27327

> warn that maxlength validator only active after physical upload (unfortunately not "fast-fail")
> -----------------------------------------------------------------------------------------------
>
>                 Key: STR-1984
>                 URL: https://issues.apache.org/struts/browse/STR-1984
>             Project: Struts 1
>          Issue Type: Improvement
>          Components: Core
>    Affects Versions: 1.1.0
>         Environment: Operating System: other
> Platform: Other
>            Reporter: Ralf Hauser
>            Assignee: Struts Developers
>            Priority: Minor
>
> at the above URL, I suggest to mention that the validator only becomes effective
> AFTER the upload has been completed.
> When testing the bounday, I had no problems uploading 110k of data into a field
> configured to hold only 100 characters.
> Not particularly Denial-of-Service Attack resistant.
> I guess this is a related topic to the file size validator as per STR-1705 and
> STR-1394.
> As a side note - when loading 110 K into a simple text form field, my two weeks
> old Mozilla build no longer displays any "ink", but just whitespaces.
> Upon the error, struts sends the humongeous string value back as
>  <input name="forename" size="75" tabindex="1" value=          type="text">
> Obviously, the whitespace is a lot longer. When trying to hilight the value=...
> all of a sudden, the content becomes visible...

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.