users@jersey.java.net

Re: forbidden character in url

From: Paul Sandoz <Paul.Sandoz_at_Sun.COM>
Date: Fri, 22 Feb 2008 13:09:46 +0100

Hi Guilhem,

The '[' and ']' are not legal characters of a URI (see more below).

You need to percent-encode the '[' and ']' characters to be a valid URI.
An unencoded query string:

    a=[content]

must be encoded as:

    a=%5Bcontent%5D

Who is producing the URI? Can you utilize '(' and ')' instead?


The relevant ABNF for the query string is:

   unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~"

   pct-encoded = "%" HEXDIG HEXDIG

   sub-delims = "!" / "$" / "&" / "'" / "(" / ")"
                  / "*" / "+" / "," / ";" / "="

   pchar = unreserved / pct-encoded / sub-delims / ":" / "@"

   query = *( pchar / "/" / "?" )


A'[' or ']' is not allowed in the query string in any part of the URI
except for a literal IPv6 address, the RFC states:

   A host identified by an Internet Protocol literal address, version 6
   [RFC3513] or later, is distinguished by enclosing the IP literal
   within square brackets ("[" and "]"). This is the only place where
   square bracket characters are allowed in the URI syntax


I notice that firefox does not percent-encode '[' or ']' and i can do
the following with out error:

   URI.create("http://host:8080/a/b/c?a=[a]");
   new URL("http://host:8080/a/b/c?a=[1]");


Sigh... i am reluctant to relax the validation of URIs...

Paul.

guilhem legal wrote:
> hi!
>
> I must receive an URL containing special character like '[' and jersey
> launch an illegal argument exception :
>
> java.lang.IllegalArgumentException: The string
> '&service=WCS&request=GetCoverage&version=1.1.1&identifier=AO_Coriolis_(Temp)&BoundingBox=,,,,&RangeSubset=Temp%E9rature[[Bogus]]&Format=application/matrix'
> for the URI component QUERY contains an invalid character, '[', at index
> 119
> com.sun.ws.rest.api.uri.UriComponent.validate(UriComponent.java:75)
>
> how can i avoid this component validation? is it possible?
>
>

[1] http://gbiv.com/protocols/uri/rfc/rfc3986.html#rfc.section.3.2.2



> Guilhem Legal
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_jersey.dev.java.net
> For additional commands, e-mail: users-help_at_jersey.dev.java.net
>

-- 
| ? + ? = To question
----------------\
    Paul Sandoz
         x38109
+33-4-76188109