How can we Sanitize, via URL/HTML encoding, potentially danger characters & (< > “ ; /) in the server side, i am using encodeURI() and escape() in jsp page to encode on client side and i used URLEncoder.encode() in my java file to handel server side but it not encoding.
String needsEncodingPart = "?!##$%^&*() <>/\"'[]{}\"";
String baseURL = "http://url:80/test";
String encodedPart = URLEncoder.encode(needsEncodingPart,"UTF-8").replace("+", "%20");
System.out.println(baseURL + "/" + encodedPart);
needs to be replaced with "%20" as URLEncoder basically works with HTML type of encoding which replaces spaces with +
2nd way is to use java.net.URI
URL url = new URL("http://url:80/test/test1?!##$%^&*() <>/\"'[]{}\"");
URI uri = null;
uri = new URI(url.getProtocol(), url.getHost() + ":" + url.getPort(), url.getPath(), url.getQuery(), null);
uri.toString() will return encoded url. But in case of # encountered it might create some issue in encoding.
Thanks,
Gaurav
Related
String urlParameters = "login=test&password=te&ff";
I have a String urlParams, & - is part of the password, how to make it escaped, thus not be recognized as a separator?
Use a URL Encoder on each of the components: http://docs.oracle.com/javase/7/docs/api/java/net/URLEncoder.html
Encode your password using URLEcoder#encode with utf-8
String urlParameters = "login=test&password="+
URLEncoder.encode("te&ff", "UTF-8");
im trying to send an email with an attachment, but it keeps saying:
Exception in thread "AWT-EventQueue-0" java.lang.IllegalArgumentException: Illegal character in opaque part at index 64: mailto:recipient#mailserver.com?subject=ThePDFFile&attachment=C:\Users\Rascal\AppData\Local\Temp\FreelancerList-16-12-2014_09-227568200505392670736.doc
Java Code:
Desktop desktop = Desktop.getDesktop();
String message = "mailto:recipient#mailserver.com?subject=ThePDFFile&attachment=\""+path;
URLEncoder.encode(message, "UTF-8");
URI uri = URI.create(message);
desktop.mail(uri);
Should be the colon right? But why???
You're calling URLEncoder.encode, but ignoring the result. I suspect you were trying to achieve something like this:
String encoded = URLEncoder.encode(message, "UTF-8");
URI uri = URI.create(encoded);
... although at that point you'll have encoded the colon after the mailto part as well. I suspect you really want something like:
String query = "subject=ThePDFFile&attachment=\""+path;
String prefix = "mailto:recipient#mailserver.com?";
URI uri = URI.create(prefix + URLEncoder.encode(query, "UTF-8"));
Or even encoding just the values:
String query = "subject=" + URLEncoder.encode(subject, "UTF-8");
+ "&attachment=" + URLEncoder.encode(path, "UTF-8"));
URI uri = URI.create("mailto:recipient#mailserver.com?" + query);
... or create the URI from the various different parts separately, of course.
I get an error "Illegal character in URL" in my code and I don't know why:
I have a token and an hash that are string type.
String currentURL = "http://platform.shopyourway.com" +
"/products/get-by-tag?tagId=220431" +
"&token=" + token +
"&hash=" + hash;
HttpURLConnection urlConnection = null;
BufferedReader reader = null;
try {
URL url = new URL(currentURL);
urlConnection = (HttpURLConnection) url.openConnection();
urlConnection.setRequestMethod("GET");
urlConnection.connect();
[...]
but when I wrote :
URL url = new URL("http://platform.shopyourway.com/products/get-by-tag?tagId=220431&token=0_11800_253402300799_1_a9c1d19702ed3a5e873fd3b3bcae6f8e3f8b845c9686418768291042ad5709f1&hash=e68e41e4ea4ed16f4dbfb32668ed02b080bf1f2cbee64c2692ef510e7f7dc26b");
it's work, but I can't write this order because I don't know the hash and the token because I generate them every time.
thanks.
From the Oracle docs on creating URLs you need to escape the "values" of your URL string.
URL addresses with Special characters
Some URL addresses contain special characters, for example the space
character. Like this:
http://example.com/hello world/ To make these characters legal they
need to be encoded before passing them to the URL constructor.
URL url = new URL("http://example.com/hello%20world");
Encoding the special character(s) in this example is easy as there is
only one character that needs encoding, but for URL addresses that
have several of these characters or if you are unsure when writing
your code what URL addresses you will need to access, you can use the
multi-argument constructors of the java.net.URI class to automatically
take care of the encoding for you.
URI uri = new URI("http", "example.com", "/hello world/", "");
And then convert the URI to a URL.
URL url = uri.toURL();
As commented also see this other post that uses URLEncoder to replace any offending characters
I have a requirement to set both character encoding and the attachment for the responseheader
during file download. How can I do that?
ResponseBuilder lResBuild = Response.ok(lResult);
lResBuild.type("application/vnd.ms-excel");
lResBuild.header("Content-Type", "text/xml; charset=UTF-16LE");
lResponse = lResBuild.build();
lResponse = Response.ok(lResponse).header("Content-Disposition",
"attachment; filename = " + lFileName + ".xls").build();
Something like this. For special characters I am getting underscore.
I want to know the difference between the below two methods of getting a request URL in servlet.
Method 1:
String url = request.getRequestURL().toString();
Method 2:
url = request.getScheme()
+ "://"
+ request.getServerName()
+ ":"
+ request.getServerPort()
+ request.getRequestURI();
Are there any chances that the above two methods will give two different URLs?
The getRequestURL() omits the port when it is 80 while the scheme is http, or when it is 443 while the scheme is https.
So, just use getRequestURL() if all you want is obtaining the entire URL. This does however not include the GET query string. You may want to construct it as follows then:
StringBuffer requestURL = request.getRequestURL();
if (request.getQueryString() != null) {
requestURL.append("?").append(request.getQueryString());
}
String completeURL = requestURL.toString();