URL characters rejected as Bad Request
17 views
Skip to first unread message
Brian Street
Sep 25, 2017, 3:45:25 PM9/25/17
to Hippo Community
Is there a way to work around embedding characters such as %3E (>) inside a queryParameter?
https://www.demo.onehippo.com/?a=%3E causes a 400/Bad Request but https://www.demo.onehippo.com/?a=b is just fine. You can reproduce on localhost as well (without loadbalancers, etc).
Woonsan Ko
Sep 25, 2017, 4:14:04 PM9/25/17
to hippo-c...@googlegroups.com
On Mon, Sep 25, 2017 at 3:45 PM, Brian Street <brian.c...@gmail.com> wrote:
Is there a way to work around embedding characters such as %3E (>) inside a queryParameter?
You can override org.hippoecm.hst.container.XSSUrlFilter [1] and configure your custom one in site/WEB-INF/web.xml.
Regards,
Woonsan
https://www.demo.onehippo.com/?a=%3E causes a 400/Bad Request but https://www.demo.onehippo.com/?a=b is just fine. You can reproduce on localhost as well (without loadbalancers, etc).
--
Hippo Community Group: The place for all discussions and announcements about Hippo CMS (and HST, repository etc. etc.)
To post to this group, send email to hippo-community@googlegroups.com
RSS: https://groups.google.com/group/hippo-community/feed/rss_v2_0_msgs.xml?num=50
---
You received this message because you are subscribed to the Google Groups "Hippo Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to hippo-community+unsubscribe@googlegroups.com.
Visit this group at https://groups.google.com/group/hippo-community.
For more options, visit https://groups.google.com/d/optout.
71 Summer Street, 2nd Floor, Boston, MA 02110
Amsterdam - Oosteinde 11, 1017 WT AmsterdamUS +1 877 414 4776 (toll free)
Europe +31(0)20 522 4466
Reply all
Reply to author
Forward
0 new messages