Java request.getQueryString() value differs between Chrome and IE browsers
The HttpServletRequest#getQueryString() is per definition undecoded. See also the javadoc (emphasis mine):
Returns:
a String containing the query string or null if the URL contains no query string. The value is not decoded by the container.
Basically, you need to URL-decode it yourself if you'd like to parse it manually instead of using the getParameterXxx() methods for some reason (which implicitly decode the parameters!).
String decodedQueryString = URLDecoder.decode(request.getQueryString(), "UTF-8");
As to why Chrome sends it encoded while IE does not, that's because Chrome is doing a better job of handling HTTP requests the safe/proper way. This is beyond your control. Just always URL-decode the query string yourself if you intend to parse it manually for some reason. The URIEncoding="UTF-8" configuration only has an effect on the getParameterXxx() methods during GET requests.
feilong
Updated on July 09, 2022
feilong almost 2 years
I have a request. In the browser address bar, I enter:
http://localhost:8888/cmens-tops-outwear/t-b-f-a-c-s-fLoose-p-g-e-i-o.htm?'"--></style></script><script>netsparker(0x0000E1)</script>=
Tomcat 6.0.35
I have set URIEncoding="UTF-8"
I use request.getQueryString() in the servlet.
In Chrome, I get:
'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0000E1)%3C/script%3E=
In IE, I get:
'"--></style></script><script>netsparker(0x0000E1)</script>=
Why?
Additional
I want to use request.getQueryString() to create a URI:
URI uri = URI.create(url)
In IE:
java.net.URISyntaxException: Illegal character in query at index 36: /cmens/t-b-f-a-c-s-f-p-g-e-i-o.htm?'"--></style></script><script>netsparker(0x0000E1)</script>
    at java.net.URI$Parser.fail(URI.java:2809)
    at java.net.URI$Parser.checkChars(URI.java:2982)
    at java.net.URI$Parser.parseHierarchical(URI.java:3072)
    at java.net.URI$Parser.parse(URI.java:3024)
    at java.net.URI.<init>(URI.java:578)
    at java.net.URI.create(URI.java:840)
How can I determine whether the queryString has been encoded?
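An added example, not code from either post above: one way to handle the raw getQueryString() value so that the IE and Chrome forms from the question become the same string, URI.create() accepts it, and parameters are decoded only after splitting. The class and method names (RawQueryExample, normalizeQuery, parse) are hypothetical, and it assumes every well-formed %XX sequence in the input is already an escape.

```java
import java.net.URI;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;

// Added example; class and method names are hypothetical, not from the posts above.
public class RawQueryExample {
    // Query characters java.net.URI accepts unescaped (besides ASCII letters and digits).
    private static final String LEGAL = "-._~!$&'()*+,;=:@/?";
    private static final String HEX = "0123456789ABCDEFabcdef";
    /** Escapes only bytes that are illegal in a query; valid %XX escapes are kept as-is. */
    static String normalizeQuery(String raw) {
        if (raw == null) return null; // getQueryString() returns null when there is no query
        byte[] in = raw.getBytes(StandardCharsets.UTF_8);
        StringBuilder out = new StringBuilder();
        for (int i = 0; i < in.length; i++) {
            char c = (char) (in[i] & 0xFF);
            boolean validEscape = c == '%' && i + 2 < in.length
                    && HEX.indexOf(in[i + 1]) >= 0 && HEX.indexOf(in[i + 2]) >= 0;
            boolean alnum = c < 128 && Character.isLetterOrDigit(c);
            if (validEscape || alnum || LEGAL.indexOf(c) >= 0) out.append(c);
            else out.append(String.format("%%%02X", (int) c)); // a stray '%' becomes %25
        }
        return out.toString();
    }
    /** Splits on '&' and '=' first, then decodes each piece ('+' becomes a space), so an escaped %26 or %3D stays data. */
    static Map<String, String> parse(String normalized) throws Exception {
        Map<String, String> params = new LinkedHashMap<>();
        if (normalized == null || normalized.isEmpty()) return params;
        for (String pair : normalized.split("&")) {
            int eq = pair.indexOf('=');
            String name = eq < 0 ? pair : pair.substring(0, eq);
            String value = eq < 0 ? "" : pair.substring(eq + 1);
            params.put(URLDecoder.decode(name, "UTF-8"), URLDecoder.decode(value, "UTF-8"));
        }
        return params;
    }

    public static void main(String[] args) throws Exception {
        // The two query strings reported in the question: the IE form and the Chrome form.
        String ie = "'\"--></style></script><script>netsparker(0x0000E1)</script>=";
        String chrome = "'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0000E1)%3C/script%3E=";
        System.out.println(normalizeQuery(ie).equals(normalizeQuery(chrome)));
        URI uri = URI.create("/cmens/t-b-f-a-c-s-f-p-g-e-i-o.htm?" + normalizeQuery(ie));
        System.out.println(uri.getRawQuery());
        System.out.println(parse(normalizeQuery(ie)).keySet());
    }
}
```

The decoded parameter name is the original markup again, so HTML-escape it before writing it into a response. A raw query cannot reliably reveal whether a literal %41 was typed by the user or produced by encoding, which is why the example normalizes instead of trying to detect.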