Open piotr-gawron opened 2 years ago
@piotr-gawron, hard to discuss that with federal government security - SPARQL editor is a place where SPARQL injection is actually the point, and is not far removed from SQL injection. Feel my pain :)
I have to mark this as an enhancement because of the very real risks of breaking something. Submitting an invalid query containing JavaScript (e.g. in a string literal) may not be fully detectable to Apache Jena. Since the query is then reflected back to the query editor, a bad query could run JavaScript in your editor. In recent fixes, I was barely able to continue to use a GET method to submit a query to the query editor, but we like to share queries that way :)
Of course, that doesn't mean the SPARQL endpoint couldn't return 400, but the code path in the editor is important to avoid that JavaScript reflection error.
And ... mentioning this is important in case I ever have to hand over this issue to someone else.
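The two points raised above (answer 400 rather than 500 for an unparseable query, and never reflect the raw query text into the editor page) can be shown together in a small handler. The following is an added example and is not the project's code: `isWellFormedQuery` is a stand-in for a real SPARQL parser such as Apache Jena's, `escapeHtml` and `handleQuerySubmission` are assumed names, and the sample queries in the usage are constructed for the demonstration.

```javascript
// Added example (not the project's code): answer 400 on a syntactically
// invalid SPARQL query and HTML-escape the query before reflecting it back
// into the editor page, so a string literal carrying markup is displayed
// as text rather than interpreted by the browser.

// Escape the five characters that let text break out of an HTML text node
// or a quoted attribute value.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Stand-in for a real SPARQL parser (assumption: a production endpoint
// would use Apache Jena's parser). It only checks that the query starts
// with a query form keyword and that braces balance outside string literals.
function isWellFormedQuery(query) {
  const formRe = /^\s*(PREFIX\s+\S+\s+<[^>]*>\s*)*(SELECT|ASK|CONSTRUCT|DESCRIBE)\b/i;
  if (!formRe.test(query)) {
    return false;
  }
  let depth = 0;
  let inString = null; // the quote character that opened the current literal
  for (let i = 0; i < query.length; i++) {
    const ch = query[i];
    if (inString) {
      if (ch === '\\') { i++; continue; } // skip the escaped character
      if (ch === inString) inString = null;
      continue;
    }
    if (ch === '"' || ch === "'") { inString = ch; continue; }
    if (ch === '{') depth++;
    if (ch === '}') { depth--; if (depth < 0) return false; }
  }
  return depth === 0 && inString === null;
}

// Handle a query submission. Returns { status, body }, where body is the
// HTML fragment for the editor page with the submitted query reflected
// into a <textarea>. The query text is escaped on both the 200 and the
// 400 path, because the error page reflects the bad query too.
function handleQuerySubmission(query) {
  const reflected = `<textarea id="query">${escapeHtml(query)}</textarea>`;
  if (!isWellFormedQuery(query)) {
    return {
      status: 400,
      body: `<p>Bad request: the query could not be parsed.</p>${reflected}`,
    };
  }
  return { status: 200, body: reflected };
}

// Usage with constructed queries: a valid one, an unterminated one, and an
// unterminated one whose string literal tries to close the textarea.
console.log(handleQuerySubmission('SELECT * WHERE { ?s ?p ?o }').status);
console.log(handleQuerySubmission('SELECT * WHERE { ?s ?p ?o').status);
console.log(handleQuerySubmission('SELECT * WHERE { ?s ?p "</textarea><b>x</b>" ').body);
```

The point of escaping on the 400 path as well is that an error response is exactly where a rejected query gets reflected, so a parser rejection alone does not remove the reflection risk the comment above describes.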
Currently when I submit an invalid query I get response code 500 (Internal server error). I think it's more appropriate to return 400 (Bad request). Here is an example: