Ronald,

On 3/31/2011 7:05 AM, Ronald Klop wrote:
> I would say that some proper input validation solves your problem.
> Does new URL(redirectURL).toString() give an exception on invalid URLs?

new URL(String) will throw a MalformedURLException if there are illegal characters in the URL.

I suppose that's good enough for my purposes: the only returnURLs that should be generated should be coming from our own application, and if they are broken, it's a bug. If a MalformedURLException is thrown, it should be due to some sort of malicious use and the user is better off getting a nasty error than just about anything else.

Thanks,
-chris
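
Added example, not part of the original message or of Tomcat: since the returnURLs are expected to come only from the application itself, the check can go beyond "does it parse" and also require an expected scheme and host before redirecting. The class name `ReturnUrlCheck`, the method `validate` and the host `app.example.com` are hypothetical; the sample inputs are constructed.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

public class ReturnUrlCheck {
    // Assumption: the only hosts this application ever generates returnURLs for.
    private static final Set<String> ALLOWED_HOSTS = Set.of("app.example.com");

    /** Returns the URL to redirect to, or throws if it cannot be one of ours. */
    static String validate(String returnUrl) {
        if (returnUrl == null) {
            throw new IllegalArgumentException("missing returnURL");
        }
        URI uri;
        try {
            // URI(String) rejects spaces and control characters outright.
            uri = new URI(returnUrl).normalize();
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("malformed returnURL", e);
        }
        String scheme = uri.getScheme();
        String host = uri.getHost();
        // Require an absolute URL with a parsed host and no user-info part.
        if (scheme == null || host == null || uri.getRawUserInfo() != null) {
            throw new IllegalArgumentException("returnURL must be absolute, without user-info");
        }
        if (!scheme.equalsIgnoreCase("http") && !scheme.equalsIgnoreCase("https")) {
            throw new IllegalArgumentException("unexpected scheme");
        }
        if (!ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT))) {
            throw new IllegalArgumentException("unexpected host");
        }
        return uri.toASCIIString();
    }

    public static void main(String[] args) {
        String[] samples = { // constructed inputs
            "https://app.example.com/account?tab=2",  // accepted
            "https://app.example.com/a b",            // illegal character
            "https://other.example.net/login",        // host not on the list
            "//other.example.net/login",              // scheme-relative
        };
        for (String s : samples) {
            try {
                System.out.println("OK       " + validate(s));
            } catch (IllegalArgumentException e) {
                System.out.println("REJECTED " + s + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

As in the message above, a rejected value surfaces as an error to the user instead of a redirect.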