Details
-
Improvement
-
Status: Closed
-
Minor
-
Resolution: Fixed
-
None
-
None
Description
Currently the regex used to match allowed parameters is
public static final String[] ACCEPTED_PATTERNS = { "\\w+((\\.\\w+)|(\\[\\d+\\])|(\\(\\d+\\))|(\\['(\\w|[\\u4e00-\\u9fa5])+'\\])|(\\('(\\w|[\\u4e00-\\u9fa5])+'\\)))*" };
For parameters that are mapped to a map, this restricts the keys to letters, numbers and underscore.
It would be nice to allow all characters that are allowed in POST data and URLs, for example a parameter like map['key-subkey'] is currently not allowed, but it should cause no harm.
Attachments
Issue Links
- links to