You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When attempting to retrieve GET /some/url/[email protected], the URL is incorrectly URL encoded to be /some/url/jack%[email protected]. In this case, the + is interpreted as a space and encoded as such.
While this is perfectly fine in the query parameter section of a URL, it is not correct to do this within the path itself. The plus character in the path is literally a plus, and should not be url encoded.
The offending line can be seen here
For some reason it's decoding the path as if it's an application/x-www-form-urlencoded MIME format. From the URLDecoder documentation, right at the top:
Utility class for HTML form decoding. This class contains static methods for decoding a String from the application/x-www-form-urlencoded MIME format.
Seems to me that the path should not be treated as being in application/x-www-form-urlencoded MIME format. After that erroneous decoding (which replaces the + with a space), it gets encoded with the %20
References: Stackoverflow IETF (in the RFC, + is not given special character status, and therefore should remain untouched.) Oracle docs
The text was updated successfully, but these errors were encountered:
From #158
When attempting to retrieve
GET /some/url/[email protected], the URL is incorrectly URL encoded to be/some/url/jack%[email protected]. In this case, the + is interpreted as a space and encoded as such.While this is perfectly fine in the query parameter section of a URL, it is not correct to do this within the path itself. The plus character in the path is literally a plus, and should not be url encoded.
The offending line can be seen here
For some reason it's decoding the path as if it's an application/x-www-form-urlencoded MIME format. From the URLDecoder documentation, right at the top:
Utility class for HTML form decoding. This class contains static methods for decoding a String from the application/x-www-form-urlencoded MIME format.
Seems to me that the path should not be treated as being in application/x-www-form-urlencoded MIME format. After that erroneous decoding (which replaces the + with a space), it gets encoded with the %20
References:
Stackoverflow
IETF (in the RFC, + is not given special character status, and therefore should remain untouched.)
Oracle docs
The text was updated successfully, but these errors were encountered: