Uploaded image for project: 'Tapestry 5'
  1. Tapestry 5
  2. TAP5-2436

Don't throw an IllgealArgumentException on illegal chars in the url

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 5.4
    • Fix Version/s: 5.4
    • Component/s: tapestry-core
    • Labels:

      Description

      A few days ago some tool tried to find vulnerabilites by checking urls like /pageid=99999' . This lead to dozens of exception reports like

      Exception type: java.lang.IllegalArgumentException
      Message: Input string 'pageid=99999'' is not valid; the character '=' at position 7 is not valid.

      This should either be a custom exception type, so it can be handled without parsing the IllegalArgumentException message or it should be a 400 - Bad request, which would also allow for a custom error page.

        Attachments

          Activity

            People

            • Assignee:
              jkemnade Jochen Kemnade
              Reporter:
              quurks quurks
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: