angelblade27
asked on
Preventing url encoding during form submit
I have a form which has a text box in it. Recently now users started entering & in the textbox ( which is now expected). However the problem comes that the & gets converted to %26 ( i saw this when i intercepted it via tamper data) which causes problems. I need it to submit the correct value ie & and not the url encoding version of it
ASKER
so in the jsp code ( note this is a web based tool which i inherited) there is an opening an form tag and a closing form tag down the page however when the html is rendered the form tag is like this
<form action="*.foo" method="post"/>
it contains both the opening and closing tag. However the page still submits the form fine. I'm guess firefox guess which form to submit?. But still i don't get why the rendered html looks different than the jsp code.
There is only one form present on the page
<form action="*.foo" method="post"/>
it contains both the opening and closing tag. However the page still submits the form fine. I'm guess firefox guess which form to submit?. But still i don't get why the rendered html looks different than the jsp code.
There is only one form present on the page
okay so it is posting the form on POST method... then your data will not get encoded unless encoded by using a javascript or a filter or something that is modifying your data before it reaches server...
ASKER
So the input button for submit doesn't have an event handler on it so is there another way javascript could be triggered?
Attached a snipet of the html.
Note: I deleted alot between the tbody and the tr
Attached a snipet of the html.
Note: I deleted alot between the tbody and the tr
<form method="post" action="*.gts"></form>
<tbody>
<tr>
<td colspan="2" align="center" bgcolor="#efefef"><input value="Run" type="submit"></td>
</tr>
</tbody>
>so is there another way javascript could be triggered?
You could use something like
<form method="post" action="*.gts" onsubmit="yourfunction();" ></form>
What do you want the javascript to do ?
You could use something like
<form method="post" action="*.gts" onsubmit="yourfunction();"
What do you want the javascript to do ?
ASKER
well i'm just trying to avoid "&" geting url encoded to %26 during form submit as it is messing up our automation.
@Kuldeepchaturvedi: suggested that if the form submit was post it shouldn't do it. But in the html it looks like the form is already being submitted via POST.
@Kuldeepchaturvedi: suggested that if the form submit was post it shouldn't do it. But in the html it looks like the form is already being submitted via POST.
ASKER
it looks like this code is also contained in an iframe
I down loaded "Tamper Data" . Now I see what you talking about.
The default value for a form is
enctype="application/x-www -form-urle ncoded'
The work around is to use
<form method="post" action="*.gts" enctype="multipart/form-da ta">
But that would probably require a rewrite of your server code.
What is *.gts ? Can you rewrite that to accept multipart ?
The default value for a form is
enctype="application/x-www
The work around is to use
<form method="post" action="*.gts" enctype="multipart/form-da
But that would probably require a rewrite of your server code.
What is *.gts ? Can you rewrite that to accept multipart ?
what kind of data this form is accepting? if there are only text types you can just get away using enctype.. ( i.e. just remove it).. if you use multipart as rrz suggested, you *MAY* have to change the back end code to accept it.
ASKER
Yeah i prob could rewrite *gts if i need to. I don't really want to.
@Kuldeepchaturvedi:- yes the form consists of simple text inputs and couple radio buttons.
What did you mean by "enctype....".
did you mean have the form as
<form method="post" action="*.gts" enctype="">
without any value?
@Kuldeepchaturvedi:- yes the form consists of simple text inputs and couple radio buttons.
What did you mean by "enctype....".
did you mean have the form as
<form method="post" action="*.gts" enctype="">
without any value?
><form method="post" action="*.gts" enctype="">
That won't work. As I said
>The default value for a form is
enctype="application/x-www -form-urle ncoded'
also the link I posted above here.
You could rewrite *.gts to accept multipart/form-data but it might be easier to write a servlet to accept the request and use
userText = request.getParameter("your textboxNam e");
request.setAttribute("user Text", userText);
then forward to *.gts
That won't work. As I said
>The default value for a form is
enctype="application/x-www
also the link I posted above here.
You could rewrite *.gts to accept multipart/form-data but it might be easier to write a servlet to accept the request and use
userText = request.getParameter("your
request.setAttribute("user
then forward to *.gts
If you can tell more about *.gts, then maybe we can come up with an easy solution.
ASKER
i'll need to look at the code when i get into work tom. I'll update this tomorrow then.
ASKER
so i copied the do get and do post with some of the variable names changed
public void doGet (HttpServletRequest request,
HttpServletResponse response)
throws IOException, ServletException
{
String testMethod = request.getParameter ("testMethod");
String destinationURL = request.getParameter ("destinationURL");
if (testMethod.equals ("login"))
{
String uid = request.getParameter
(testConstants.USER_COOKIE _NAME);
login (response, uid, destinationURL);
}
else if (testMethod.equals ("deleteTS"))
{
int id = Integer.parseInt (request.getParameter ("id"));
deleteTS (response, id, destinationURL);
}
else if (testMethod.equals ("deleteTSRun"))
{
int id = Integer.parseInt (request.getParameter ("id"));
deleteTSRun (response, id, destinationURL);
}
else if (testMethod.equals ("viewGraphResult"))
{
viewGraphResult (request, response);
}
else if (testMethod.equals ("viewGroupResult"))
{
viewGroupResult (request, response);
}
else if (testMethod.equals ("runMultipleTestsuites"))
{
runMultipleTestsuites (request, response);
}
}
public void doPost (HttpServletRequest request,
HttpServletResponse response)
throws IOException, ServletException
{
String testMethod = request.getParameter ("testMethod");
String destinationURL = request.getParameter ("destinationURL");
if (testMethod.equals ("runTestsuite"))
{
runTestsuite (request, response);
}
else if (testMethod.equals ("runTestcases"))
{
runTestcases (request, response);
}
else if (testMethod.equals ("runMultipleTestsuites"))
{
runMultipleTestsuites (request, response);
}
else if (testMethod.equals ("editTS"))
{
editTS (request, response, destinationURL);
}
}
changing the enctype to multipart/form-data" doesn't work by itself
the server throws an:
java.lang.NullPointerExcep tion
gts.servlet.GTSServlet.doP ost(GTSSer vlet.java: 114)
public void doGet (HttpServletRequest request,
HttpServletResponse response)
throws IOException, ServletException
{
String testMethod = request.getParameter ("testMethod");
String destinationURL = request.getParameter ("destinationURL");
if (testMethod.equals ("login"))
{
String uid = request.getParameter
(testConstants.USER_COOKIE
login (response, uid, destinationURL);
}
else if (testMethod.equals ("deleteTS"))
{
int id = Integer.parseInt (request.getParameter ("id"));
deleteTS (response, id, destinationURL);
}
else if (testMethod.equals ("deleteTSRun"))
{
int id = Integer.parseInt (request.getParameter ("id"));
deleteTSRun (response, id, destinationURL);
}
else if (testMethod.equals ("viewGraphResult"))
{
viewGraphResult (request, response);
}
else if (testMethod.equals ("viewGroupResult"))
{
viewGroupResult (request, response);
}
else if (testMethod.equals ("runMultipleTestsuites"))
{
runMultipleTestsuites (request, response);
}
}
public void doPost (HttpServletRequest request,
HttpServletResponse response)
throws IOException, ServletException
{
String testMethod = request.getParameter ("testMethod");
String destinationURL = request.getParameter ("destinationURL");
if (testMethod.equals ("runTestsuite"))
{
runTestsuite (request, response);
}
else if (testMethod.equals ("runTestcases"))
{
runTestcases (request, response);
}
else if (testMethod.equals ("runMultipleTestsuites"))
{
runMultipleTestsuites (request, response);
}
else if (testMethod.equals ("editTS"))
{
editTS (request, response, destinationURL);
}
}
changing the enctype to multipart/form-data" doesn't work by itself
the server throws an:
java.lang.NullPointerExcep
gts.servlet.GTSServlet.doP
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
i quite didn't understand what u were meaning. U first said that the request.getParameter() will not work for multipart, which seems to be true, and then u said that request.getParamter() will decode the parameter which is contradictory.
I meant that request.getParameter method only works for the default encoding (application/x-www-form-ur lencoded)
ASKER
is there a way to parse the request when the form is submitted with the multipart?
you can use commons-upload api from jakarta ( same guys as tomcat).. this api can read multipart request and parse it quite easily.
Here is example code.
https://www.experts-exchange.com/questions/23504709/How-to-upload-a-text-file-on-a-particular-location-on-oracle-server-using-JSP.html
I still can't understand why you were having a problem.
>Is the problem your having in one of the methods that your passing the request to ?
viewGroupResult (request, response);
runMultipleTestsuites (request, response);
What is happening in those ?
https://www.experts-exchange.com/questions/23504709/How-to-upload-a-text-file-on-a-particular-location-on-oracle-server-using-JSP.html
I still can't understand why you were having a problem.
>Is the problem your having in one of the methods that your passing the request to ?
viewGroupResult (request, response);
runMultipleTestsuites (request, response);
What is happening in those ?
you can convert it to POST and it should take care of it.