2011/4/1 Christopher Schultz <chris@christopherschultz.net>:
> I think I'm going to standardize on simply scanning for troublesome
> characters like \r and \n and throwing a MalformedURLException or
> something like that.
You'd better scan for allowed characters. The \r and \n are not the
only ones where things may go wrong.
> If anyone else has any good ideas or warnings about what might be a
> naive sanitization check, I'd be glad to hear them.
>
Best regards,
Konstantin Kolinko
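
An allowlist check of the kind suggested in the reply above, as an added example that is not part of the original e-mail thread or of Tomcat's code. The class and method names are hypothetical, the allowed set is assumed to be the RFC 3986 reserved and unreserved characters plus well-formed percent-escapes, and the sample inputs are constructed.

```java
import java.net.MalformedURLException;
import java.util.BitSet;

// Added example: accept a URL string only if every character is on an allowlist.
public final class UrlAllowlist {
    // RFC 3986 unreserved + reserved characters; '%' is validated separately.
    private static final BitSet ALLOWED = new BitSet(128);
    static {
        for (char c = 'a'; c <= 'z'; c++) ALLOWED.set(c);
        for (char c = 'A'; c <= 'Z'; c++) ALLOWED.set(c);
        for (char c = '0'; c <= '9'; c++) ALLOWED.set(c);
        for (char c : "-._~:/?#[]@!$&'()*+,;=".toCharArray()) ALLOWED.set(c);
    }

    private static boolean isHex(char c) {
        return (c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F');
    }

    /** Returns the input unchanged, or throws if any character is not allowed. */
    public static String requireSafe(String url) throws MalformedURLException {
        if (url == null || url.isEmpty()) {
            throw new MalformedURLException("empty URL");
        }
        for (int i = 0; i < url.length(); i++) {
            char c = url.charAt(i);
            if (c == '%') {
                // A percent sign must start a complete two-digit hex escape.
                if (i + 2 >= url.length() || !isHex(url.charAt(i + 1)) || !isHex(url.charAt(i + 2))) {
                    throw new MalformedURLException("bad percent-escape at index " + i);
                }
                i += 2;
            } else if (!ALLOWED.get(c)) {
                // Covers \r, \n, NUL, tab, space, other controls and all non-ASCII.
                throw new MalformedURLException("disallowed character 0x"
                        + Integer.toHexString(c) + " at index " + i);
            }
        }
        return url;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one valid, then CR/LF, NUL, space, broken escape.
        String[] samples = { "/app/home?lang=en&q=a%20b", "/app/home\r\nX-Test: 1",
                             "/app/\u0000home", "/app/my page", "/app/home%2" };
        for (int n = 0; n < samples.length; n++) {
            try {
                requireSafe(samples[n]);
                System.out.println("sample " + n + ": accepted");
            } catch (MalformedURLException e) {
                System.out.println("sample " + n + ": rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```

The check runs on the raw string, so an escape such as `%0d` is accepted as literal text; if the value is percent-decoded later, the decoded result needs its own check before use.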