java chrome和ie浏览器之间的java request.getQueryString()值不同
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/15004593/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
java request.getQueryString() value different between chrome and ie browser
提问by feilong
I have a request,In Browser address bar enter:
我有一个请求,在浏览器地址栏中输入:
http://localhost:8888/cmens-tops-outwear/t-b-f-a-c-s-fLoose-p-g-e-i-o.htm?'"--></style></script><script>netsparker(0x0000E1)</script>=
Tomcat6.0.35i have set URIEncoding="UTF-8"
Tomcat6.0.35我已经设定 URIEncoding="UTF-8"
Use request.getQueryString()in servlet:
request.getQueryString()在servlet中使用:
if chrome,i get
如果chrome,我得到
'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0000E1)%3C/script%3E=
if ie,I get
如果ie,我得到
'"--></style></script><script>netsparker(0x0000E1)</script>=
Why?
为什么?
Additional
额外的
I want to get request.getQueryString()to create a uri
我想request.getQueryString()创建一个uri
URI uri = URI.create(url)
if ie:
如果即:
java.net.URISyntaxException: Illegal character in query at index 36: /cmens/t-b-f-a-c-s-f-p-g-e-i-o.htm?'"--></style></script><script>netsparker(0x0000E1)</script>
at java.net.URI$Parser.fail(URI.java:2809)
at java.net.URI$Parser.checkChars(URI.java:2982)
at java.net.URI$Parser.parseHierarchical(URI.java:3072)
at java.net.URI$Parser.parse(URI.java:3024)
at java.net.URI.<init>(URI.java:578)
at java.net.URI.create(URI.java:840)
How to determine the queryString whether has be encoded?
如何判断queryString是否已编码?
回答by BalusC
The HttpServletRequest#getQueryString()is per definition undecoded. See also the javadoc(emphasis mine):
根据HttpServletRequest#getQueryString()定义未解码。另请参阅javadoc(强调我的):
Returns:
a String containing the query string or null if the URL contains no query string. The value is not decoded by the container.
返回:
包含查询字符串的字符串,如果 URL 不包含查询字符串,则为 null。该值不由容器解码。
Basically, you need to URL-decode it yourself if you'd like to parse it manually instead of using getParameterXxx()methods for some reason (which implicitly decodes the parameters!).
基本上,如果您想手动解析它而不是getParameterXxx()出于某种原因使用方法(隐式解码参数!),您需要自己对其进行 URL 解码。
String decodedQueryString = URLDecoder.decode(request.getQueryString(), "UTF-8");
As to why Chrome sends it encoded while IE not, that's because Chrome is doing a better job of handling HTTP requests the safe/proper way. This is beyond your control. Just always URL-decode the query string yourself if you intend to parse it manually for some reason. The URIEncoding="UTF-8"configuration has only effect on getParameterXxx()methods during GET requests.
至于为什么 Chrome 发送它编码而 IE 不发送,那是因为 Chrome 在以安全/正确的方式处理 HTTP 请求方面做得更好。这是你无法控制的。如果您出于某种原因打算手动解析查询字符串,请始终自己对查询字符串进行 URL 解码。该URIEncoding="UTF-8"配置仅对getParameterXxx()GET 请求期间的方法有效。
回答by Mike Reedell
The Chrome version is URLEncoded while the IE string is decoded.
Chrome 版本是 URLEncoded 而 IE 字符串被解码。
Use this tool to compare the URLEncoded and decoded versions: http://meyerweb.com/eric/tools/dencoder/
使用此工具比较 URLEncoded 和解码版本:http: //meyerweb.com/eric/tools/dencoder/
回答by petur
Chrome uses the URL encoding way, but IE is using strings.
Chrome 使用 URL 编码方式,而 IE 使用字符串。
For example: " is %22 in URL encoding.
例如:" 在 URL 编码中是 %22。
< is %3E and > is %3C
< 是 %3E 而 > 是 %3C
Chrome is doing it the "right way" but IE just can't do as all the others.
Chrome 正在以“正确的方式”做到这一点,但 IE 却无法像其他人一样做到这一点。
You can find complete list of URL characters here: http://www.w3schools.com/tags/ref_urlencode.asp
您可以在此处找到 URL 字符的完整列表:http: //www.w3schools.com/tags/ref_urlencode.asp
回答by viniciusjssouza
Chrome sends the url encoded. Try decoding the query string using
Chrome 发送编码后的 url。尝试使用解码查询字符串
URLDecoder.decode(queryString, "UTF-8");
As stated by the javadoc, the query string is not decoded by the container:
正如 javadoc 所述,查询字符串不是由容器解码的:
returns a String containing the query string or null if the URL contains no query string. The value is not decoded by the container.
如果 URL 不包含查询字符串,则返回包含查询字符串的字符串或 null。该值不由容器解码。
