
Remove unexpected carriage returns and line feeds from user-supplied data

 
ravisha andar
Ranch Hand
Posts: 55
Hi All,

I have a servlet where I am doing
String userName = "abc";
// user-supplied value concatenated straight into the redirect URL (and so into the Location header)
response.sendRedirect("/jsp/temp.jsp?username=" + userName);

But there is a vulnerability as stated by the review team.

It says
Remove unexpected carriage returns and line feeds from user-supplied data used to construct an HTTP response.


Can anybody help me with this? What exactly can be done?

Thanks
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 64973
First of all, the data should be encoded using URLEncoder.

Secondly, stripping any unwanted characters seems like a simple matter of string substitution.
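A worked version of the two steps Bear describes (percent-encode the value with URLEncoder, and strip the CR/LF bytes the reviewer objects to), as an added example that is not part of the original thread. It is plain Java with no servlet API dependency so it runs stand-alone; the SafeRedirect class and the redirectTarget/stripControlChars helper names are my own, and the "evil" input is constructed to show what HTTP response splitting looks like.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

// Added example (not from the original post): build the redirect target so
// that a user-supplied value can never terminate the Location header.
public class SafeRedirect {

    // Step 2 from the reply: drop CR, LF and every other ASCII control byte.
    // Done at the source so the payload never reaches the JSP either.
    static String stripControlChars(String s) {
        return s.replaceAll("[\\x00-\\x1F\\x7F]", "");
    }

    // Step 1 from the reply: percent-encode the query value. On its own this
    // already turns "\r\n" into "%0D%0A", which a header parser treats as data.
    static String encodeOnly(String path, String userName) {
        return path + "?username=" + URLEncoder.encode(userName, StandardCharsets.UTF_8);
    }

    // Both steps together: strip first, then encode what is left.
    static String redirectTarget(String path, String userName) {
        String cleaned = stripControlChars(userName);
        return path + "?username=" + URLEncoder.encode(cleaned, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        // Constructed malicious input: tries to end the Location header and
        // inject a Set-Cookie header plus a response body.
        String evil = "abc\r\nSet-Cookie: session=attacker\r\n\r\n<html>owned</html>";

        // What the original code would hand to sendRedirect (header breaks across lines):
        System.out.println("raw:          " + "/jsp/temp.jsp?username=" + evil);

        // Encoding alone: one line, CR/LF survive only as %0D%0A.
        System.out.println("encoded:      " + encodeOnly("/jsp/temp.jsp", evil));

        // Strip + encode: one line and the injected header text is gone as well.
        System.out.println("strip+encode: " + redirectTarget("/jsp/temp.jsp", evil));

        // In the servlet:
        //   response.sendRedirect(redirectTarget("/jsp/temp.jsp", userName));
    }
}
```

Encoding is what actually stops the split, because after URLEncoder.encode no raw CR or LF remains in the string that reaches the Location header. Stripping is the belt-and-braces part: temp.jsp receives the parameter decoded, so an encoded-only payload would arrive there as "abc\r\nSet-Cookie: ..." and could be re-injected if the JSP ever copies it into another header or cookie. Note that URLEncoder emits form encoding (a space becomes "+"), which is fine for a query string read back with getParameter. Recent servlet containers also tend to reject or sanitise CR/LF in header values themselves, but the servlet should not depend on that.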
 