请求参数丢失加号 [英] Request Parameter Losing Plus Sign
问题描述
我正在编辑搜索表单,并尝试防止数据库中的特殊字符。在JSP搜索表单中,(多选)下拉菜单允许用户选择将在查询中使用的描述(注意:描述是字符串列表):
< select id =descriptionSelectmultiple =multiple>
< c:forEach items =$ {descript}var =description>
< option value =$ {fn:escapeXml(description)})}>
< c:out value =$ {description}/>
< ; / option>
< / c:forEach>
< / select>
当表单提交时,页面动态生成URL,该URL将URL中的查询参数(丑陋,我知道,手被绑定),这是描述段的狙击手。
var descriptionSelectBox = document.getElementById(descriptionSelect);
var descriptUrlAddition =;
for(var i = 0 ; i< descriptionSelectBox.options.length; i ++){
if(descriptionSelectBox.options [i] .selected){
descriptUrlAddition + =& DESCRIPTION =+ escape(descriptionSelectBox.options [i ] .value);
}
}
我有一个测试条目数据库的描述是:
AAA`〜!@#$%^& *()_ + - = {} | [] \:; '<>?,/ /哇这个有很多特殊的字符。
使用上面的代码,由于某些原因,当请求到达控制器时,描述将失去+符号(它只是一个空格)。
$有没有人知道会发生什么,怎么解决?我不知道这是否与URL特殊使用有关,或什么。我可以编辑描述列表的填充方式(可能在那里转义)。如果你提供这个建议,请使用Java特定的代码(没有Apache escape utils类等)。如果有帮助,使用JavaScript中的警报表示在发送请求之前,+号未被转换。
+ 表示URL中的空格。将其替换为%2B 。例如,您可以在撰写 DESCRIPTIONUrlAddition 之后执行此操作。
DESCRIPTIONUrlAddition = descriptUrlAddition.replace('+','%2B');
I am editing a search form and trying to protect against special characters in the database. In the JSP search form, a (multiselect) dropdown allows users to select descriptions that will be used in the query (note: descriptions is a list of strings):
<select id="descriptionSelect" multiple="multiple">
<c:forEach items="${descriptions}" var="description">
<option value="${fn:escapeXml(description)}")}">
<c:out value="${description}" />
</option>
</c:forEach>
</select>
When the form submits, the page dynamically generates the URL which takes query parameters in the URL (ugly, I know, hands are tied). Here's the snipet making the description segment.
var descriptionSelectBox = document.getElementById("descriptionSelect");
var descriptionsUrlAddition = "";
for (var i = 0; i < descriptionSelectBox.options.length; i++) {
if (descriptionSelectBox.options[i].selected) {
descriptionsUrlAddition += "&descriptions=" + escape(descriptionSelectBox.options[i].value);
}
}
I have a test entry in the database whose description is:
AAA `~!@#$%^&*()_+-={}|[]\:";'<>?,./ And wow this has a lot of special characters.
With the code above, for some reason when the request gets to the controller, the description loses the + sign (it becomes just a space).
Does anyone know what might be happening and how to fix it? I am not sure if it's something to do with URLs special use of +, or what. I could edit how the descriptions list is populated (maybe escaping there). If you offer this as a suggestion, please use Java specific code (no Apache escape utils classes, etc).
If it helps, using alerts in the JavaScript indicate that the + sign is not being transformed before sending the request.
+ means "space" in URLs. Replace it with %2B. You could do this just after composing descriptionsUrlAddition, for example.
descriptionsUrlAddition = descriptionsUrlAddition.replace('+', '%2B');
这篇关于请求参数丢失加号的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
