Friday, 30 January 2015

Is it dangerous to append search query to the base URL?

I'm testing a Drupal website and I've noticed that the search query gets appended to the base URL in the response, like so:

query: "hey ho: there" ho%3A there

query: "dis iz stackexchange!" iz stackexchange!

query: "@ # $ % ^ & * ( ) < > [ ]" %23 %24 %25 ^ %26 * ( ) < > [ ]

  1. Is this behavior dangerous?

  2. Any guess why any of the '* ( ) < > [ ] !' aren't escaped?
