Tuesday, January 17, 2012

Passing single quote in URL as query string to a servlet while using HTTPS

Have you ever succeeded in passing a single quote in a URL query string?
For example:
https://example/login.do?param1=guest&param2=Jan'2012
(or)
https://example/login.do?param1=guest&param2=Jan%272012

Most web server configurations reject a single quote in the query string, as a defence against cross-site scripting and SQL injection attacks.

How do I pass a single quote if my parameter contains one?
You need to escape the single quote. The HTML entity form looks like this:

https://example/login.do?param1=guest&param2=Jan'2012

Does the above solution work? Not quite: & is the parameter separator, so only Jan is taken as the value of param2 (and # marks the start of the fragment, which the browser never sends to the server). Both & and # are special characters in a URL and must be percent-encoded as %26 and %23.

The correct encoding for the single quote is therefore the percent-encoded entity, shown below:

https://example/login.do?param1=guest&param2=Jan%26%2339;2012
