[
https://issues.apache.org/jira/browse/SLING-508?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12602937#action_12602937
]
Felix Meschberger commented on SLING-508:
-----------------------------------------
The only problem being that I don't know whether I am in Jetty or not ;-) And
honestly, I don't want to care, that's what the servlet API is for.
Therefore, I suggest to try to force the decoding to use ISO-8859-1, which is a
1:1 mapping. What I in fact do is the following:
if (request.getCharacterEncoding() == null) {
request.setCharacterEncoding("ISO-8859-1");
}
Map containerParams = request.getParameterMap();
This gives the client the opportunity to explicitly define the character
encoding while at the same time forcing ISO-8859-1 if not set, which is the
standard case.
After everything is done, the parameters are re-encoded as per _charset_.
Now, this mechanism is probably as good as it can get given the specification
and implementation issues we have at hand. There are (at least) two problems,
we simply cannot solve:
(1) If the request parameters have already been read outside of Sling, e.g. by
a Filter registered by the servlet container, or by some preprocessing servlet,
setting the character encoding has no effect and the parameters may still be
wrongly encoded.
(2) If, as Tobias says, the user tampers with the _charset_ parameter or the
actual page encoding such that the browsers does not encode in the expected
encoding, we cannot do anything anymore.
I consider (1) to be a real thread, but not highly probable. We might want to
care about that situation when it occurrs. I consider (2) as being as a usage
error which I cannot fix on the server side.
> Parameter decoding uses wrong default charset
> ---------------------------------------------
>
> Key: SLING-508
> URL: https://issues.apache.org/jira/browse/SLING-508
> Project: Sling
> Issue Type: Bug
> Components: Engine
> Affects Versions: 2.0.0
> Reporter: Tobias Bocanegra
> Assignee: Felix Meschberger
> Priority: Blocker
>
> As of SLING-152 the request paremeters are re-encoded if a _charset_
> parameter is present. it assumes that the default encoding is
> UTF-8 which is not the case for servlet spec compliant containers (eg.
> tomcat).
> change the default encoding to ISO-8851-1 or make it configurable.
> see:
> http://svn.apache.org/viewvc/incubator/sling/trunk/engine/src/main/java/org/apache/sling/engine/impl/parameters/Util.java?view=markup
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
