users@jsr311.java.net

Re: Decoding '+' in path parameters

From: Sergey Beryozkin <sberyozk_at_progress.com>
Date: Tue, 10 Mar 2009 17:00:45 -0000

I've done a bit of testing, URLDecoder does not touch any of the characters in "!$&'()*,;=", except for '+' - so that's where the
bug is (in our code)

Thanks for your help, Sergey

----- Original Message -----
From: "Marc Hadley" <Marc.Hadley_at_Sun.COM>
To: <users_at_jsr311.dev.java.net>
Sent: Tuesday, March 10, 2009 3:08 PM
Subject: Re: Decoding '+' in path parameters


> If you look at the production for the path component (http://tools.ietf.org/html/rfc3986#section-3.3 ) then it looks to me like
> '+' is allowed without any kind of encoding:
>
> segment = *pchar
> pchar = unreserved / pct-encoded / sub-delims / ":" / "@"
> sub-delims = "!" / "$" / "&" / "'" / "(" / ")"
> / "*" / "+" / "," / ";" / "="
>
> URLDecoder is intended for use with URL query parameters that conform to application/x-www-form-urlencoded.
>
> I think your user is correct, the '+' should not be decoded if it part of the path. You should only decode '+' within query
> parameters.
>
> Marc.
>
> On Mar 10, 2009, at 10:53 AM, Sergey Beryozkin wrote:
>>
>> PathParam values are automatically decoded by JAXRS implementations unless @Encoded is specified.
>> In CXF we just use URLDecoder to decode. If '+' is contained in a given value then URLDecoder will produce an empty space
>> instead of '+' and one of the CXF users sees it as a bug.
>> I reckon that if a user percent-encoded a '+' or added @Encoded annotation to a path parameter, then things would work fine.
>>
>> What I'm kind of confused about is that '+' is listed at [1] as one of the reserved characters, and the test says that it is
>> percent- encoded values that have to be decoded.
>>
>> Is CXF JAXRS-compliant (I'm asking it this way to make this post less off-topic :-)) in the way it decodes '+' (to space by
>> default) ?
>>
>> Thanks, Sergey
>>
>> [1] http://tools.ietf.org/html/rfc3986
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_jsr311.dev.java.net
> For additional commands, e-mail: users-help_at_jsr311.dev.java.net
>
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.