Tomcat rejects URL encoded "<" and ">" symbols

Time:03-27

Tomcat 9.0.54 rejects my URL because of the "<" and ">" symbols. It also rejects it when they are in their percent-encoded forms "<" and ">". I also tried adding relaxedQueryChars="&lt;&gt;" to the Connector in the server.xml, but to no avail.

The Tomcat instance is spun up by Cargo when running the Bloomreach CMS. The URL is as follows:

http://localhost:8080/site/api/documents?_expr=(hippostdpubwf:lastModificationDate>xs:dateTime('2021-04-09T20:56:18.496+02:00'))

Changing the > to a "=" (=) makes the URL accepted by Tomcat.

When spinning up a default Tomcat docker, this issue is not present.

Has anyone had a similar issue, or could anyone point me in a direction which might fix this issue?

CodePudding user response:

Looks like you're hitting the org.hippoecm.hst.container.XSSUrlFilter that is present by default in the web.xml of the site webapp.

It's a simple, extendable filter to prevent basic scripting attacks.

Regards, Jeroen

PS you might like the forums at community.bloomreach.com
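To illustrate the kind of filter the answer describes, here is an added sketch of a servlet filter that blocks angle brackets in the query string; it is not Bloomreach's XSSUrlFilter source. The class name, the decode-then-check logic and the 400 status are assumptions. A filter written this way rejects the URL above whether ">" is sent raw or percent-encoded, and the connector's relaxedQueryChars setting does not affect it because the check runs inside the webapp.

```java
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical example class, not part of Tomcat or Bloomreach.
public class AngleBracketUrlFilter implements Filter {

    @Override public void init(FilterConfig cfg) { }
    @Override public void destroy() { }

    // True when the query string contains '<' or '>' after percent-decoding.
    static boolean containsAngleBracket(String rawQuery) {
        if (rawQuery == null) {
            return false;
        }
        String decoded;
        try {
            decoded = URLDecoder.decode(rawQuery, StandardCharsets.UTF_8.name());
        } catch (IllegalArgumentException | UnsupportedEncodingException e) {
            return true; // malformed escapes are treated as suspicious
        }
        return decoded.indexOf('<') >= 0 || decoded.indexOf('>') >= 0;
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // getQueryString() returns the query exactly as sent, still encoded.
        String rawQuery = ((HttpServletRequest) req).getQueryString();
        if (containsAngleBracket(rawQuery)) {
            // Assumed response; the real filter may answer differently.
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        chain.doFilter(req, res);
    }
}
```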
