Currently, when I submit an invalid query I get response code 500 (Internal server error). I think it's more appropriate to return 400 (Bad request). Here is an example:
@piotr-gawron, hard to discuss that with federal government security - SPARQL editor is a place where SPARQL injection is actually the point, and is not far removed from SQL injection. Feel my pain :)
I have to mark this as an enhancement because of the very real risks of breaking something. Submitting an invalid query containing JavaScript (e.g. <script>fubar</script> in a string literal) may not be fully detectable to Apache Jena. Since the query is then reflected back to the query editor, a bad query could run JavaScript in your editor. In recent fixes, I was barely able to continue to use a GET method to submit a query to the query editor, but we like to share queries that way :)
Of course, that doesn't mean the SPARQL endpoint couldn't return 400, but the code path in the editor is important to avoid that JavaScript reflection error.
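The two concerns in the comment above can be handled separately, shown here as an added example that is not code from this project or from Apache Jena: the status code follows the parse result, while HTML-escaping of the reflected query happens on every path. All function names are hypothetical, and `looksLikeSparql` is a constructed stand-in for the real SPARQL parser.

```javascript
// Added example; every name here is hypothetical, not the project's API.

// Encode the characters that matter in HTML text and quoted-attribute contexts.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Constructed stand-in for the real parser: checks for a known query form
// and balanced braces. Returns an error string, or null if it looks valid.
function looksLikeSparql(query) {
  if (!/^\s*(PREFIX\b[^\n]*\n\s*)*(SELECT|ASK|CONSTRUCT|DESCRIBE)\b/i.test(query)) {
    return 'expected SELECT, ASK, CONSTRUCT or DESCRIBE';
  }
  let depth = 0;
  for (const ch of query) {
    if (ch === '{') depth++;
    if (ch === '}' && --depth < 0) return 'unbalanced }';
  }
  return depth === 0 ? null : 'unbalanced {';
}

// Reflect the query into the editor page. The query and the parser message
// are both escaped, since either can carry user-supplied text.
function renderEditor(query, error) {
  const msg = error ? `<p class="error">${escapeHtml(error)}</p>` : '';
  return `${msg}<textarea name="query">${escapeHtml(query)}</textarea>`;
}

// Invalid query: 400 (client error) instead of 500. Valid query: 200.
// Escaping does not depend on the parse result, because a query that parses
// can still hold markup inside a string literal.
function handleQuery(query) {
  const error = looksLikeSparql(query);
  return { status: error ? 400 : 200, body: renderEditor(query, error) };
}

// Constructed sample inputs, reusing the string literal from the comment.
const invalid = 'SELEKT * WHERE { ?s ?p "<script>fubar</script>" }';
const valid = 'SELECT * WHERE { ?s ?p "<script>fubar</script>" }';
for (const q of [invalid, valid]) {
  const r = handleQuery(q);
  console.log(r.status, r.body);
}
```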