On 22/05/2023 18:55, Joakim Erdfelt wrote:
Don't blindly call request.getParameter() without fully (and I do
mean FULLY) understanding the side effects.
Now you tell me... :) :)
A call to request.getParameter() can read the request body content
as well. (per Servlet spec). A call to
Don't blindly call request.getParameter() without fully (and I do mean
FULLY) understanding the side effects.
A call to request.getParameter() can read the request body content as well.
(per Servlet spec).
A call to request.getParameter() can fail for bad input, bad encoding, bad
expectations, IO
I have a catch-all exception handler which sends me an email for
unhandled exceptions in case it's due to a bug in the code. Recently I
had a flurry of emails because of a URL where someone had entered
"/foo?bar=%" ("%" being a typo for "5" in this case):
