
For this URL, if I want to create a CSRF token, it gives me a 500 Internal Server Error:

https://abc/conf.tmpl?Email=ychandra-d%40dd.com&training=234

but if I use @ instead of %40, the CSRF token is generated:

https://abc/[email protected]&training=234

Can someone help me understand why changing the URL pattern creates an error? Do I need to add any other dependencies for special characters?

I have done some implementation and added some files regarding CSRF:

Files added:

csrfguard.js

csrfguard.properties

Implementation done:

In web.xml, added csrfGuardServlet, Owasp.CsrfGuard.Config, Owasp.CsrfGuard.Config.Print, csrfGuardFilter (and its filter-mapping), CsrfGuardServletContextListener, CsrfGuardHttpSessionListener

In the apply.tmpl file, added:

<script src="https://weblibrary.cdn.getgo.com/web-library-2/scripts/web-library.js"></script>
<script type="text/javascript" src="/public/csrfguard"></script>

as in the web.xml file:

<servlet-mapping>
    <servlet-name>csrfGuardServlet</servlet-name>
    <url-pattern>/public/csrfguard</url-pattern>
</servlet-mapping>

2 Answers


  1. Ensure that the email parameter is URL-encoded properly. %40 is the URL-encoded representation of the ‘@’ symbol. When constructing the URL, use proper URL encoding to represent special characters.

    String encodedEmail = URLEncoder.encode("[email protected]", StandardCharsets.UTF_8.toString());
    String url = "https://abc/conf.tmpl?Email=" + encodedEmail + "&training=234";
    
  2. The URL query component is encoded. You are not fully decoding it. %40 is the encoded form of @. Technically, @ is not required to be encoded in the query component, but your server is doing so.

    After you split the query data on & and =, you need to decode the resulting substrings by replacing the %XX hex sequences with the corresponding bytes, and then converting the resulting bytes to string characters based on whatever charset your server uses (usually utf-8, but not always).

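The decoding order the second answer describes (split on & and = first, then turn each %XX into a byte, then build the string from the bytes using the server's charset), as an added example that is not code from either answer or from OWASP CSRFGuard; the class and method names are hypothetical and the query string is the one from the question.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;

public class QueryDecoder {

    // Decode one already-split query token: '+' becomes a space, %XX becomes one
    // byte, anything else is kept literally. Bytes are collected first and turned
    // into characters only at the end, so multi-byte sequences (e.g. %C3%A9 in
    // UTF-8) are not broken apart. Malformed %XX sequences are rejected explicitly
    // instead of being passed through, so the caller can answer 400, not 500.
    static String decodeComponent(String s, Charset cs) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (c == '+') {
                out.write(' ');
            } else if (c == '%') {
                if (i + 2 >= s.length()) throw new IllegalArgumentException("truncated %XX at " + i);
                int hi = Character.digit(s.charAt(i + 1), 16);
                int lo = Character.digit(s.charAt(i + 2), 16);
                if (hi < 0 || lo < 0) throw new IllegalArgumentException("invalid %XX at " + i);
                out.write((hi << 4) | lo);
                i += 2;
            } else {
                byte[] raw = String.valueOf(c).getBytes(cs);
                out.write(raw, 0, raw.length);
            }
        }
        return new String(out.toByteArray(), cs);
    }

    // Split on '&' and '=' BEFORE decoding, so an encoded separator inside a
    // value (%26 or %3D) is data, not a delimiter. Only the first '=' splits a pair.
    static Map<String, String> parseQuery(String query, Charset cs) {
        Map<String, String> params = new LinkedHashMap<>();
        for (String pair : query.split("&")) {
            if (pair.isEmpty()) continue;
            int eq = pair.indexOf('=');
            String name = eq < 0 ? pair : pair.substring(0, eq);
            String value = eq < 0 ? "" : pair.substring(eq + 1);
            params.put(decodeComponent(name, cs), decodeComponent(value, cs));
        }
        return params;
    }

    public static void main(String[] args) {
        // Query string from the question; %40 decodes to '@' under any ASCII-compatible charset.
        System.out.println(parseQuery("Email=ychandra-d%40dd.com&training=234", StandardCharsets.UTF_8));
    }
}
```

Because ordinary `@` is allowed unencoded in a query component, both forms of the URL in the question decode to the same parameter value with this code.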