On Fri, Apr 1, 2011 at 2:21 AM, Christopher Schultz <ch...@christopherschultz.net> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Ronald, > > On 3/31/2011 7:05 AM, Ronald Klop wrote: >> I would say that some proper input validation solves your problem. >> Does new URL(redirectURL).toString() give an exception on invalid url's? > > new URL(String) will throw a MalformedURLException if there are illegal > characters in the URL. >
This will work for 'correct urls', however, you don't necessary need to send correct urls, and I suppose you don't want to: Consider this, struts1 like action: public ActionForward execute(ActionMapping mapping, FormBean bean, HttpServletRequest req, HttpServletResponse res) throws Exception { //do something.... useful res.sendRedirect("pageResult?page=1"); return null; } This is not a syntactically correct url, but it will work in all browsers and save you a lot of stress in multi-url (i18n) portals. I would solve your problem by having multiple entry points for the actions which than can specify the final redirect path. regards Leon --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org