[jira] [Updated] (TAP5-2436) Don't throw an IllgealArgumentException on illegal chars in the url

Jochen Kemnade (JIRA) Wed, 12 Aug 2015 00:17:52 -0700

     [ 
https://issues.apache.org/jira/browse/TAP5-2436?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Jochen Kemnade updated TAP5-2436:
---------------------------------
    Summary: Don't throw an IllgealArgumentException on illegal chars in the 
url  (was: Dont throw an IllgealArgumentException on illegal chars in the url)

> Don't throw an IllgealArgumentException on illegal chars in the url
> -------------------------------------------------------------------
>
>                 Key: TAP5-2436
>                 URL: https://issues.apache.org/jira/browse/TAP5-2436
>             Project: Tapestry 5
>          Issue Type: Improvement
>          Components: tapestry-core
>    Affects Versions: 5.4
>            Reporter: quurks
>
> A few days ago some tool tried to find vulnerabilites by checking urls like 
> /pageid=99999' . This lead to dozens of exception reports like 
> Exception type: java.lang.IllegalArgumentException
> Message: Input string 'pageid=99999'' is not valid; the character '=' at 
> position 7 is not valid.
> This should either be a custom exception type, so it can be handled without 
> parsing the IllegalArgumentException message or it should be a 400 - Bad 
> request, which would also allow for a custom error page.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (TAP5-2436) Don't throw an IllgealArgumentException on illegal chars in the url

Reply via email to