You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Kiran Badi <ki...@poonam.org> on 2016/05/18 03:25:11 UTC
request.getParameter and special characters - Apache Tomcat/7.0.57 on
win 7
Hi ,
I have this link in jsp which has below tags,
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<a href="TestServlet?teststring=testing&testing1">Testing</a>
and then my servlet looks like below,
/*
* To change this license header, choose License Headers in Project
Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package controller;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
*
* @author Kiran
*/
@WebServlet(name = "TestServlet", urlPatterns = {"/TestServlet"})
public class TestServlet extends HttpServlet {
/**
* Processes requests for both HTTP <code>GET</code> and
<code>POST</code>
* methods.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
protected void processRequest(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html;charset=UTF-8");
try (PrintWriter out = response.getWriter()) {
/* TODO output your page here. You may use following sample
code. */
String param = request.getParameter("teststring");
String param1 = new
String(request.getParameter("teststring").getBytes("UTF-8"));
out.println("<!DOCTYPE html>");
out.println("<html>");
out.println("<head>");
out.println("<title>Servlet TestServlet</title>");
out.println("</head>");
out.println("<body>");
out.println("<h1>Servlet TestServlet at " +
request.getContextPath() + "</h1>");
out.println("<h1>Servlet TestServlet at " + param + "</h1>");
out.println("<h1>Servlet TestServlet at " + param1 + "</h1>");
out.println("</body>");
out.println("</html>");
}
}
// <editor-fold defaultstate="collapsed" desc="HttpServlet methods.
Click on the + sign on the left to edit the code.">
/**
* Handles the HTTP <code>GET</code> method.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse
response)
throws ServletException, IOException {
processRequest(request, response);
}
/**
* Handles the HTTP <code>POST</code> method.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse
response)
throws ServletException, IOException {
processRequest(request, response);
}
}
and getParameter for some reason seems to truncating the value after &
Servlet TestServlet at testingServlet TestServlet at testing
I really need to understand as what characters are accepted and what
characters get truncated with getParameter.
I am building few links on the fly which might have space,backslashes,
comma and & characters in it.So wanted to understand should I encode it via
js or container can take care of those for me.
container connector setting has URIEncoding="UTF-8" settings.
Thanking you
Kiran Badi
Re: request.getParameter and special characters - Apache
Tomcat/7.0.57 on win 7
Posted by Kiran Badi <ki...@poonam.org>.
Thanks Mark. Those links were very helpful and saved a lot of my time. I
had good learning :)
For few of the character which I was aware, I think I can go via C URL tag.
But I have see as what other special characters I might have. Its coming
from third party and I do not control it and I am using those as parameter
for the link.
<a href="TestServlet?teststring=testing %26 testing1">Testing</a>
<c:url value="/TestServlet" var="myurl">
<c:param name="teststring" value="testing
!@#$%^&*()_-+=~`<>?/\"' testing1" />
</c:url>
<a href="<c:out value="${myurl}"/>">CURLTEST</a>
C URL seems to do pretty good job at encoding parameters.
Servlet TestServlet for param2 testing !@#$%^&*()_-+=~`<>?/"' testing1
On Wed, May 18, 2016 at 3:38 AM, Mark Thomas <ma...@apache.org> wrote:
> On 18/05/2016 04:25, Kiran Badi wrote:
> > Hi ,
> >
> > I have this link in jsp which has below tags,
> >
> > <%@page contentType="text/html" pageEncoding="UTF-8"%>
> >
> > <a href="TestServlet?teststring=testing&testing1">Testing</a>
> >
> > and then my servlet looks like below,
> >
> > /*
> > * To change this license header, choose License Headers in Project
> > Properties.
> > * To change this template file, choose Tools | Templates
> > * and open the template in the editor.
> > */
> > package controller;
> >
> > import java.io.IOException;
> > import java.io.PrintWriter;
> > import javax.servlet.ServletException;
> > import javax.servlet.annotation.WebServlet;
> > import javax.servlet.http.HttpServlet;
> > import javax.servlet.http.HttpServletRequest;
> > import javax.servlet.http.HttpServletResponse;
> >
> > /**
> > *
> > * @author Kiran
> > */
> > @WebServlet(name = "TestServlet", urlPatterns = {"/TestServlet"})
> > public class TestServlet extends HttpServlet {
> >
> > /**
> > * Processes requests for both HTTP <code>GET</code> and
> > <code>POST</code>
> > * methods.
> > *
> > * @param request servlet request
> > * @param response servlet response
> > * @throws ServletException if a servlet-specific error occurs
> > * @throws IOException if an I/O error occurs
> > */
> > protected void processRequest(HttpServletRequest request,
> > HttpServletResponse response)
> > throws ServletException, IOException {
> > response.setContentType("text/html;charset=UTF-8");
> > try (PrintWriter out = response.getWriter()) {
> > /* TODO output your page here. You may use following sample
> > code. */
> > String param = request.getParameter("teststring");
> > String param1 = new
> > String(request.getParameter("teststring").getBytes("UTF-8"));
> > out.println("<!DOCTYPE html>");
> > out.println("<html>");
> > out.println("<head>");
> > out.println("<title>Servlet TestServlet</title>");
> > out.println("</head>");
> > out.println("<body>");
> > out.println("<h1>Servlet TestServlet at " +
> > request.getContextPath() + "</h1>");
> > out.println("<h1>Servlet TestServlet at " + param + "</h1>");
> > out.println("<h1>Servlet TestServlet at " + param1 +
> "</h1>");
> > out.println("</body>");
> > out.println("</html>");
> > }
> > }
> >
> > // <editor-fold defaultstate="collapsed" desc="HttpServlet methods.
> > Click on the + sign on the left to edit the code.">
> > /**
> > * Handles the HTTP <code>GET</code> method.
> > *
> > * @param request servlet request
> > * @param response servlet response
> > * @throws ServletException if a servlet-specific error occurs
> > * @throws IOException if an I/O error occurs
> > */
> > @Override
> > protected void doGet(HttpServletRequest request, HttpServletResponse
> > response)
> > throws ServletException, IOException {
> > processRequest(request, response);
> > }
> >
> > /**
> > * Handles the HTTP <code>POST</code> method.
> > *
> > * @param request servlet request
> > * @param response servlet response
> > * @throws ServletException if a servlet-specific error occurs
> > * @throws IOException if an I/O error occurs
> > */
> > @Override
> > protected void doPost(HttpServletRequest request, HttpServletResponse
> > response)
> > throws ServletException, IOException {
> > processRequest(request, response);
> > }
> >
> > }
> >
> > and getParameter for some reason seems to truncating the value after &
> >
> > Servlet TestServlet at testingServlet TestServlet at testing
> >
> > I really need to understand as what characters are accepted and what
> > characters get truncated with getParameter.
> >
> > I am building few links on the fly which might have space,backslashes,
> > comma and & characters in it.So wanted to understand should I encode it
> via
> > js or container can take care of those for me.
>
> https://tools.ietf.org/html/rfc3986
> https://www.w3.org/TR/REC-html40/interact/forms.html#form-data-set
>
> Keep in mind that there are multiple levels of encoding here. You may
> need to encode some characters for use in a JSP as well.
>
> Mark
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
Re: request.getParameter and special characters - Apache
Tomcat/7.0.57 on win 7
Posted by Mark Thomas <ma...@apache.org>.
On 18/05/2016 04:25, Kiran Badi wrote:
> Hi ,
>
> I have this link in jsp which has below tags,
>
> <%@page contentType="text/html" pageEncoding="UTF-8"%>
>
> <a href="TestServlet?teststring=testing&testing1">Testing</a>
>
> and then my servlet looks like below,
>
> /*
> * To change this license header, choose License Headers in Project
> Properties.
> * To change this template file, choose Tools | Templates
> * and open the template in the editor.
> */
> package controller;
>
> import java.io.IOException;
> import java.io.PrintWriter;
> import javax.servlet.ServletException;
> import javax.servlet.annotation.WebServlet;
> import javax.servlet.http.HttpServlet;
> import javax.servlet.http.HttpServletRequest;
> import javax.servlet.http.HttpServletResponse;
>
> /**
> *
> * @author Kiran
> */
> @WebServlet(name = "TestServlet", urlPatterns = {"/TestServlet"})
> public class TestServlet extends HttpServlet {
>
> /**
> * Processes requests for both HTTP <code>GET</code> and
> <code>POST</code>
> * methods.
> *
> * @param request servlet request
> * @param response servlet response
> * @throws ServletException if a servlet-specific error occurs
> * @throws IOException if an I/O error occurs
> */
> protected void processRequest(HttpServletRequest request,
> HttpServletResponse response)
> throws ServletException, IOException {
> response.setContentType("text/html;charset=UTF-8");
> try (PrintWriter out = response.getWriter()) {
> /* TODO output your page here. You may use following sample
> code. */
> String param = request.getParameter("teststring");
> String param1 = new
> String(request.getParameter("teststring").getBytes("UTF-8"));
> out.println("<!DOCTYPE html>");
> out.println("<html>");
> out.println("<head>");
> out.println("<title>Servlet TestServlet</title>");
> out.println("</head>");
> out.println("<body>");
> out.println("<h1>Servlet TestServlet at " +
> request.getContextPath() + "</h1>");
> out.println("<h1>Servlet TestServlet at " + param + "</h1>");
> out.println("<h1>Servlet TestServlet at " + param1 + "</h1>");
> out.println("</body>");
> out.println("</html>");
> }
> }
>
> // <editor-fold defaultstate="collapsed" desc="HttpServlet methods.
> Click on the + sign on the left to edit the code.">
> /**
> * Handles the HTTP <code>GET</code> method.
> *
> * @param request servlet request
> * @param response servlet response
> * @throws ServletException if a servlet-specific error occurs
> * @throws IOException if an I/O error occurs
> */
> @Override
> protected void doGet(HttpServletRequest request, HttpServletResponse
> response)
> throws ServletException, IOException {
> processRequest(request, response);
> }
>
> /**
> * Handles the HTTP <code>POST</code> method.
> *
> * @param request servlet request
> * @param response servlet response
> * @throws ServletException if a servlet-specific error occurs
> * @throws IOException if an I/O error occurs
> */
> @Override
> protected void doPost(HttpServletRequest request, HttpServletResponse
> response)
> throws ServletException, IOException {
> processRequest(request, response);
> }
>
> }
>
> and getParameter for some reason seems to truncating the value after &
>
> Servlet TestServlet at testingServlet TestServlet at testing
>
> I really need to understand as what characters are accepted and what
> characters get truncated with getParameter.
>
> I am building few links on the fly which might have space,backslashes,
> comma and & characters in it.So wanted to understand should I encode it via
> js or container can take care of those for me.
https://tools.ietf.org/html/rfc3986
https://www.w3.org/TR/REC-html40/interact/forms.html#form-data-set
Keep in mind that there are multiple levels of encoding here. You may
need to encode some characters for use in a JSP as well.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org