Java Servlet getParameter for a param that is a UR

2019-03-19 18:05发布

问题:

I am building a site which submits a url to a servlet for analysis purposes. On the client side, I submit the url as a parameter that is encoded. For example...

Submit: http://www.site.com
Goes to: http://localhost/myservlet/?url=http%3A%2F%2Fwww.site.com

On the server side, I have my servlet request the parameter like so...

String url = request.getParameter("url");

What I receive is a decoded string: http://www.site.com. So far so good -- this works as expected... most of the time.

The problem occurs when a url param contains parameters of its own...

Submit: http://www.site.com?param1=1&param2=2
Goes to: http://localhost/myservlet/?url=http%3A%2F%2Fwww.site.com%3Fparam1%3D1%26param2%3D2

Everything is fine on the client site, but in my servlet when I get the parameter I receive only part of the url param!

http://www.site.com?param1=1

It dropped the second param from my input url param! I am definitely encoding the url param before submitting it to the server... what is going on?

回答1:

I can't reproduce your problem on Tomcat 6.0.29. There's more at matter. Maybe a Filter in the chain which is doing something with the request object?

Anyway, here's a SSCCE in flavor of a single JSP:

<!DOCTYPE html>
<html lang="en">
    <head>
        <title>Test</title>
    </head>
    <body>
        <p><a href="?url=http%3A%2F%2Fwww.site.com%3Fparam1%3D1%26param2%3D2">click here</a>
        <p>URL: ${param.url}
    </body>
</html>

Copy'n'paste'n'run it and click the link. Right here I see the following result:

click here

URL: http://www.site.com?param1=1&param2=2

The same is reproducible with a simple servlet like this which is invoked directly by browser address bar:

protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    response.getWriter().write(request.getParameter("url"));
}

Tomcat is by the way configured with URIEncoding="UTF-8" in HTTP connector, but even with ISO-8859-1 (which is the default), the behaviour is -as expected in this particular case- the same.