The first thing a servlet (or filter) should do is set the encoding before
touching the request parameters. Its not intended to be called somewhere late
in the processing lifecycle. Since a Valve executes before any javax.servlet
code - all bets are off (for the request encoding) based on the warning
messages in the Valve.
For GET requests, reparsing might work when a new encoding is requested. But
for POST requests - doing so would require saving the entire POST body
somewhere. This can easily cause a memory based DOS attack.
-Tim
Oded Arbel wrote:
Then why is it at all possible to set the encoding ? it should not be
needed and there for should not be possible. The fact that such a call
exists suggests to me that calling it repeatedly would have some effect
(granted - it will slow the performance, but that is as expected) - I
would prefer the request implementation reparse everything when I
supply new character set information - taking it sweet time to do it
(I'm probably only going to do this once per request) - rather then
just ignore me.
The fact is, if you get at the request too late in the process, where
the character set has already been set (wrongly), theres nothing you
can do to rescue the data, and many times I've had that problem.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
