Raised on the mailing list:
Sending a query using Jersey uses an internal URIBuilder
implementation, which uses an internal URIComponent's "contextual"
encoding mode for query parameters. This contextual mode treats any
data which looks like percent-encoded characters as percent-encoded
For example, adding a query parameter:
param: "dummy" value: "Amount is %30 of the total."
would get encoded and sent as:
On the server, this is then turned into:
param: "dummy" value: "Amount is 0 of the total."
In the current implementation, applications using the Jersey API have
no (easy) way to send data which just happens to look like
percent-encoded characters. Of course, knowing this makes it possible
to avoid this situation, but it does put the onus on the application
to ensure anything sent is sanitised first. Normally any transport
layer is responsible for transporting any data entrusted to it
verbatim to the destination.