Friday, 30 January 2015

Is it dangerous to append the search query to the base URL?



I'm testing a Drupal website and I've noticed that the search query gets appended to the base URL in the response, like so:



query: "hey ho: there"
http://ift.tt/1zeGjas ho%3A there

query: "dis iz stackexchange!"
http://ift.tt/1yeT54L iz stackexchange!

query: "@ # $ % ^ & * ( ) < > [ ]"
http://ift.tt/1zeGjay %23 %24 %25 ^ %26 * ( ) < > [ ]



  1. Is this behavior dangerous?

  2. Any guess why any of the '* ( ) < > [ ] !' aren't escaped?
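An added example, not part of the original question and not the site's own code: it lists which characters in a reflected URL fragment were left raw (using the third sample above), then shows strict percent-encoding of a path segment and the separate HTML escaping needed when that URL is written into markup. The function names are hypothetical, and nothing here claims which encoder the site actually uses.

```javascript
// Added example. Function names are hypothetical; the sample strings are the
// queries and reflected fragments quoted in the post.

// RFC 3986 "unreserved" characters never need percent-encoding.
const UNRESERVED = /^[A-Za-z0-9\-._~]$/;

// Return the distinct characters in a reflected fragment that are neither
// unreserved nor part of a %XX escape, i.e. what the server left raw.
function rawSpecials(fragment) {
  const seen = new Set();
  for (let i = 0; i < fragment.length; i++) {
    if (/^%[0-9A-Fa-f]{2}$/.test(fragment.slice(i, i + 3))) {
      i += 2; // skip the two hex digits of an existing escape
      continue;
    }
    if (!UNRESERVED.test(fragment[i])) seen.add(fragment[i]);
  }
  return [...seen];
}

// Strict encoding for one path segment: encodeURIComponent leaves
// ! ' ( ) * untouched, so those are escaped in a second pass.
function encodePathSegment(s) {
  return encodeURIComponent(s).replace(/[!'()*]/g,
    c => '%' + c.charCodeAt(0).toString(16).toUpperCase());
}

// URL encoding is not HTML encoding: escape again for the HTML context
// before writing the URL into an attribute or into page text.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, c => map[c]);
}

// Fragment observed in the third sample of the post.
console.log(rawSpecials(' %23 %24 %25 ^ %26 * ( ) < > [ ]'));
// The same query, strictly encoded.
console.log(encodePathSegment('@ # $ % ^ & * ( ) < > [ ]'));
```
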




