jersey / JERSEY-1717

Query parameters do not encode data which looks like percent-encoded characters

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Duplicate
    • Affects Version/s: None
    • Fix Version/s: 2.0-rc1, 2.0
    • Component/s: None
    • Labels: None
    • Environment:
      Operating System: All
      Platform: All
    • Issuezilla Id: 85

      Description

      Raised on the mailing list:
      http://n2.nabble.com/Question-on-the-Encoding-of-Query-Parameters-td4105222.html#a4105222

      Sending a query using Jersey uses an internal URIBuilder
      implementation, which uses an internal URIComponent's "contextual"
      encoding mode for query parameters. This contextual mode treats any
      data which looks like percent-encoded characters as percent-encoded
      characters.

      For example, adding a query parameter:
      param: "dummy" value: "Amount is %30 of the total."

      would get encoded and sent as:
      dummy=Amount+is+%30+of+the+total.

      On the server, this is then turned into:
      param: "dummy" value: "Amount is 0 of the total."

      In the current implementation, applications using the Jersey API have
      no (easy) way to send data which just happens to look like
      percent-encoded characters. Of course, knowing this makes it possible
      to avoid this situation, but it does put the onus on the application
      to ensure anything sent is sanitised first. Normally any transport
      layer is responsible for transporting any data entrusted to it
      verbatim to the destination.

          Activity

          mhadley added a comment -

          This problem occurs when using queryParam(name, value). A workaround is to use queryParam(name, "{value}").build(value).
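
The round trip from the description, next to an encoder that escapes every '%' (which is what the JAX-RS javadoc specifies for values passed to build(...), the route the workaround takes), modelled with the JDK only. This is an added example, not Jersey's code or code from the thread; the class `QueryEncodingDemo`, the helpers `encode` and `isHex`, and the "50% off" sample are constructed for illustration, and the set of characters left unencoded is assumed to match `java.net.URLEncoder`.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;

// Added illustration: a JDK-only model of the two encoding modes, not Jersey's code.
public class QueryEncodingDemo {

    static boolean isHex(byte[] in, int i) {
        return i < in.length && "0123456789abcdefABCDEF".indexOf(in[i] & 0xFF) >= 0;
    }

    // contextual = true: a '%' followed by two hex digits is taken to be an
    // existing escape and passes through unchanged (the behaviour reported here).
    // contextual = false: every '%' in the raw value becomes %25.
    static String encode(String value, boolean contextual) {
        byte[] in = value.getBytes(StandardCharsets.UTF_8);
        StringBuilder out = new StringBuilder();
        for (int i = 0; i < in.length; i++) {
            int b = in[i] & 0xFF;
            boolean unreserved = b < 0x80
                    && (Character.isLetterOrDigit(b) || "-._*".indexOf(b) >= 0);
            if (b == ' ') {
                out.append('+');
            } else if (unreserved) {
                out.append((char) b);
            } else if (contextual && b == '%' && isHex(in, i + 1) && isHex(in, i + 2)) {
                out.append('%'); // the two hex digits follow as ordinary characters
            } else {
                out.append(String.format("%%%02X", b));
            }
        }
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        String[] samples = {
            "Amount is %30 of the total.", // value from the report
            "50% off"                      // constructed: '%' not followed by hex digits
        };
        for (String value : samples) {
            for (boolean contextual : new boolean[] {true, false}) {
                String wire = encode(value, contextual);
                // The receiving side percent-decodes exactly once.
                String received = URLDecoder.decode(wire, "UTF-8");
                System.out.printf("contextual=%b wire=dummy=%s received=\"%s\" intact=%b%n",
                        contextual, wire, received, received.equals(value));
            }
        }
    }
}
```

Only the contextual run on the report's value fails the `intact` check; the constructed "50% off" value survives both modes, so whether data is corrupted depends on which characters happen to follow the '%'.
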
          Marek Potociar added a comment -

          We need to see if the Jersey 2.0 client implementation suffers from the same issue. It does not seem to be a spec bug, thus moving to Jersey.

            People

            • Assignee: Pavel Bucek
            • Reporter: mwerle

                Time Tracking

                Estimated:
                Original Estimate - 3 hours
                3h
                Remaining:
                0m
                Logged:
                Time Not Required
                1m