-
Notifications
You must be signed in to change notification settings - Fork 38.6k
Closed
Labels
in: webIssues in web modules (web, webmvc, webflux, websocket)Issues in web modules (web, webmvc, webflux, websocket)status: duplicateA duplicate of another issueA duplicate of another issue
Description
Alexander Hawley opened SPR-10303 and commented
When using the Spring tag lib (http://www.springframework.org/tags
), the spring:url
tag does not encode a URI correctly. Some reserved characters are not encoded ever, others only sometimes.
For example, the slash character /
should be encoded as %2f
.
I've tried every permutation I could think of. Templating, not templating, parameters, et al.
Results as follows.
List of strings which contain reserved characters:
List<String> paths = Arrays.asList(
"foo%boo"
,"foo/boo"
,"foo?boo"
,"foo=boo"
,"foo&boo"
,"foo#boo"
,"foo$boo"
,"foo+boo"
,"foo,boo"
,"foo:boo"
,"foo;boo"
,"foo@boo"
);
JSP to utilize the Spring tag library:
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"
%><%@ taglib prefix="spring" uri="http://www.springframework.org/tags"
%><!DOCTYPE html>
<html lang="en">
<head>
<title></title>
<meta charset="utf-8"/>
</head>
<body>
<ul>
<c:forEach items="${paths}" var="path">
<li>
<div>path: <code>"<c:out value="${path}"/>"</code></div>
<div>spring:url, path: <code>"<spring:url value="http://domain.com/${path}" htmlEscape="true"/>"</code></div>
<div>spring:url, query: <code>"<spring:url value="http://domain.com/?${path}" htmlEscape="true"/>"</code></div>
<div>spring:url, spring:param: <code>"<spring:url value="" htmlEscape="true"><spring:param name="param" value="${path}"/></spring:url>"</code></div>
<div>spring:url, spring:param, domain: <code>"<spring:url value="http://domain.com/" htmlEscape="true"><spring:param name="param" value="${path}"/></spring:url>"</code></div>
<div>spring:url, spring:param, template: <code>"<spring:url value="{param}" htmlEscape="true"><spring:param name="param" value="${path}"/></spring:url>"</code></div>
<div>spring:url, spring:param, template, path: <code>"<spring:url value="http://domain.com/{param}" htmlEscape="true"><spring:param name="param" value="${path}"/></spring:url>"</code></div>
<div>spring:url, spring:param, template, query: <code>"<spring:url value="http://domain.com/?{param}" htmlEscape="true"><spring:param name="param" value="${path}"/></spring:url>"</code></div>
</li>
</c:forEach>
</ul>
</body>
</html>
Result:
path: "foo%boo"
spring:url, path: "http://domain.com/foo%boo"
spring:url, query: "http://domain.com/?foo%boo"
spring:url, spring:param: "?param=foo%25boo"
spring:url, spring:param, domain: "http://domain.com/?param=foo%25boo"
spring:url, spring:param, template: "foo%25boo"
spring:url, spring:param, template, path: "http://domain.com/foo%25boo"
spring:url, spring:param, template, query: "http://domain.com/?foo%25boo"
path: "foo/boo"
spring:url, path: "http://domain.com/foo/boo"
spring:url, query: "http://domain.com/?foo/boo"
spring:url, spring:param: "?param=foo/boo"
spring:url, spring:param, domain: "http://domain.com/?param=foo/boo"
spring:url, spring:param, template: "foo/boo"
spring:url, spring:param, template, path: "http://domain.com/foo/boo"
spring:url, spring:param, template, query: "http://domain.com/?foo/boo"
path: "foo?boo"
spring:url, path: "http://domain.com/foo?boo"
spring:url, query: "http://domain.com/?foo?boo"
spring:url, spring:param: "?param=foo?boo"
spring:url, spring:param, domain: "http://domain.com/?param=foo?boo"
spring:url, spring:param, template: "foo%3Fboo"
spring:url, spring:param, template, path: "http://domain.com/foo%3Fboo"
spring:url, spring:param, template, query: "http://domain.com/?foo%3Fboo"
path: "foo=boo"
spring:url, path: "http://domain.com/foo=boo"
spring:url, query: "http://domain.com/?foo=boo"
spring:url, spring:param: "?param=foo%3Dboo"
spring:url, spring:param, domain: "http://domain.com/?param=foo%3Dboo"
spring:url, spring:param, template: "foo=boo"
spring:url, spring:param, template, path: "http://domain.com/foo=boo"
spring:url, spring:param, template, query: "http://domain.com/?foo=boo"
path: "foo&boo"
spring:url, path: "http://domain.com/foo&boo"
spring:url, query: "http://domain.com/?foo&boo"
spring:url, spring:param: "?param=foo%26boo"
spring:url, spring:param, domain: "http://domain.com/?param=foo%26boo"
spring:url, spring:param, template: "foo&boo"
spring:url, spring:param, template, path: "http://domain.com/foo&boo"
spring:url, spring:param, template, query: "http://domain.com/?foo&boo"
path: "foo#boo"
spring:url, path: "http://domain.com/foo#boo"
spring:url, query: "http://domain.com/?foo#boo"
spring:url, spring:param: "?param=foo%23boo"
spring:url, spring:param, domain: "http://domain.com/?param=foo%23boo"
spring:url, spring:param, template: "foo%23boo"
spring:url, spring:param, template, path: "http://domain.com/foo%23boo"
spring:url, spring:param, template, query: "http://domain.com/?foo%23boo"
path: "foo$boo"
spring:url, path: "http://domain.com/foo$boo"
spring:url, query: "http://domain.com/?foo$boo"
spring:url, spring:param: "?param=foo$boo"
spring:url, spring:param, domain: "http://domain.com/?param=foo$boo"
spring:url, spring:param, template: "foo$boo"
spring:url, spring:param, template, path: "http://domain.com/foo$boo"
spring:url, spring:param, template, query: "http://domain.com/?foo$boo"
path: "foo+boo"
spring:url, path: "http://domain.com/foo+boo"
spring:url, query: "http://domain.com/?foo+boo"
spring:url, spring:param: "?param=foo%2Bboo"
spring:url, spring:param, domain: "http://domain.com/?param=foo%2Bboo"
spring:url, spring:param, template: "foo+boo"
spring:url, spring:param, template, path: "http://domain.com/foo+boo"
spring:url, spring:param, template, query: "http://domain.com/?foo+boo"
path: "foo,boo"
spring:url, path: "http://domain.com/foo,boo"
spring:url, query: "http://domain.com/?foo,boo"
spring:url, spring:param: "?param=foo,boo"
spring:url, spring:param, domain: "http://domain.com/?param=foo,boo"
spring:url, spring:param, template: "foo,boo"
spring:url, spring:param, template, path: "http://domain.com/foo,boo"
spring:url, spring:param, template, query: "http://domain.com/?foo,boo"
path: "foo:boo"
spring:url, path: "http://domain.com/foo:boo"
spring:url, query: "http://domain.com/?foo:boo"
spring:url, spring:param: "?param=foo:boo"
spring:url, spring:param, domain: "http://domain.com/?param=foo:boo"
spring:url, spring:param, template: "foo:boo"
spring:url, spring:param, template, path: "http://domain.com/foo:boo"
spring:url, spring:param, template, query: "http://domain.com/?foo:boo"
path: "foo;boo"
spring:url, path: "http://domain.com/foo;boo"
spring:url, query: "http://domain.com/?foo;boo"
spring:url, spring:param: "?param=foo;boo"
spring:url, spring:param, domain: "http://domain.com/?param=foo;boo"
spring:url, spring:param, template: "foo;boo"
spring:url, spring:param, template, path: "http://domain.com/foo;boo"
spring:url, spring:param, template, query: "http://domain.com/?foo;boo"
path: "foo@boo"
spring:url, path: "http://domain.com/foo@boo"
spring:url, query: "http://domain.com/?foo@boo"
spring:url, spring:param: "?param=foo@boo"
spring:url, spring:param, domain: "http://domain.com/?param=foo@boo"
spring:url, spring:param, template: "foo@boo"
spring:url, spring:param, template, path: "http://domain.com/foo@boo"
spring:url, spring:param, template, query: "http://domain.com/?foo@boo"
Any ideas?
Thanks.
-AH
Affects: 3.1 GA
Issue Links:
- spring:url tag does not correctly encode forward slash / in path variable. Should be calling encodePathSegment [SPR-11401] #16028 spring:url tag does not correctly encode forward slash / in path variable. Should be calling encodePathSegment ("duplicates")
- Spring request mapping annotation does not map an encoded URI correctly [SPR-10306] #14940 Spring request mapping annotation does not map an encoded URI correctly
Metadata
Metadata
Assignees
Labels
in: webIssues in web modules (web, webmvc, webflux, websocket)Issues in web modules (web, webmvc, webflux, websocket)status: duplicateA duplicate of another issueA duplicate of another issue