Spring tag library does not encode a URI correctly [SPR-10303]

[spring-projects-issues]

Alexander Hawley opened SPR-10303 and commented

When using the Spring tag lib (http://www.springframework.org/tags), the spring:url tag does not encode a URI correctly. Some reserved characters are not encoded ever, others only sometimes.

For example, the slash character / should be encoded as %2f.

I've tried every permutation I could think of. Templating, not templating, parameters, et al.

Results as follows.

List of strings which contain reserved characters:

List<String> paths = Arrays.asList(
    "foo%boo"
    ,"foo/boo"
    ,"foo?boo"
    ,"foo=boo"
    ,"foo&boo"
    ,"foo#boo"
    ,"foo$boo"
    ,"foo+boo"
    ,"foo,boo"
    ,"foo:boo"
    ,"foo;boo"
    ,"foo@boo"
);

JSP to utilize the Spring tag library:

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"
%><%@ taglib prefix="spring" uri="http://www.springframework.org/tags"
%><!DOCTYPE html>
<html lang="en">
  <head>
    <title></title>
    <meta charset="utf-8"/>
  </head>
  <body>
    <ul>
      <c:forEach items="${paths}" var="path">
        <li>
          <div>path: <code>"<c:out value="${path}"/>"</code></div>
          <div>spring:url, path: <code>"<spring:url value="http://domain.com/${path}" htmlEscape="true"/>"</code></div>
          <div>spring:url, query: <code>"<spring:url value="http://domain.com/?${path}" htmlEscape="true"/>"</code></div>
          <div>spring:url, spring:param: <code>"<spring:url value="" htmlEscape="true"><spring:param name="param" value="${path}"/></spring:url>"</code></div>
          <div>spring:url, spring:param, domain: <code>"<spring:url value="http://domain.com/" htmlEscape="true"><spring:param name="param" value="${path}"/></spring:url>"</code></div>
          <div>spring:url, spring:param, template: <code>"<spring:url value="{param}" htmlEscape="true"><spring:param name="param" value="${path}"/></spring:url>"</code></div>
          <div>spring:url, spring:param, template, path: <code>"<spring:url value="http://domain.com/{param}" htmlEscape="true"><spring:param name="param" value="${path}"/></spring:url>"</code></div>
          <div>spring:url, spring:param, template, query: <code>"<spring:url value="http://domain.com/?{param}" htmlEscape="true"><spring:param name="param" value="${path}"/></spring:url>"</code></div>
        </li>
      </c:forEach>
    </ul>
  </body>
</html>

Result:

path: "foo%boo"
spring:url, path: "http://domain.com/foo%boo"
spring:url, query: "http://domain.com/?foo%boo"
spring:url, spring:param: "?param=foo%25boo"
spring:url, spring:param, domain: "http://domain.com/?param=foo%25boo"
spring:url, spring:param, template: "foo%25boo"
spring:url, spring:param, template, path: "http://domain.com/foo%25boo"
spring:url, spring:param, template, query: "http://domain.com/?foo%25boo"

path: "foo/boo"
spring:url, path: "http://domain.com/foo/boo"
spring:url, query: "http://domain.com/?foo/boo"
spring:url, spring:param: "?param=foo/boo"
spring:url, spring:param, domain: "http://domain.com/?param=foo/boo"
spring:url, spring:param, template: "foo/boo"
spring:url, spring:param, template, path: "http://domain.com/foo/boo"
spring:url, spring:param, template, query: "http://domain.com/?foo/boo"

path: "foo?boo"
spring:url, path: "http://domain.com/foo?boo"
spring:url, query: "http://domain.com/?foo?boo"
spring:url, spring:param: "?param=foo?boo"
spring:url, spring:param, domain: "http://domain.com/?param=foo?boo"
spring:url, spring:param, template: "foo%3Fboo"
spring:url, spring:param, template, path: "http://domain.com/foo%3Fboo"
spring:url, spring:param, template, query: "http://domain.com/?foo%3Fboo"

path: "foo=boo"
spring:url, path: "http://domain.com/foo=boo"
spring:url, query: "http://domain.com/?foo=boo"
spring:url, spring:param: "?param=foo%3Dboo"
spring:url, spring:param, domain: "http://domain.com/?param=foo%3Dboo"
spring:url, spring:param, template: "foo=boo"
spring:url, spring:param, template, path: "http://domain.com/foo=boo"
spring:url, spring:param, template, query: "http://domain.com/?foo=boo"

path: "foo&boo"
spring:url, path: "http://domain.com/foo&boo"
spring:url, query: "http://domain.com/?foo&boo"
spring:url, spring:param: "?param=foo%26boo"
spring:url, spring:param, domain: "http://domain.com/?param=foo%26boo"
spring:url, spring:param, template: "foo&boo"
spring:url, spring:param, template, path: "http://domain.com/foo&boo"
spring:url, spring:param, template, query: "http://domain.com/?foo&boo"

path: "foo#boo"
spring:url, path: "http://domain.com/foo#boo"
spring:url, query: "http://domain.com/?foo#boo"
spring:url, spring:param: "?param=foo%23boo"
spring:url, spring:param, domain: "http://domain.com/?param=foo%23boo"
spring:url, spring:param, template: "foo%23boo"
spring:url, spring:param, template, path: "http://domain.com/foo%23boo"
spring:url, spring:param, template, query: "http://domain.com/?foo%23boo"

path: "foo$boo"
spring:url, path: "http://domain.com/foo$boo"
spring:url, query: "http://domain.com/?foo$boo"
spring:url, spring:param: "?param=foo$boo"
spring:url, spring:param, domain: "http://domain.com/?param=foo$boo"
spring:url, spring:param, template: "foo$boo"
spring:url, spring:param, template, path: "http://domain.com/foo$boo"
spring:url, spring:param, template, query: "http://domain.com/?foo$boo"

path: "foo+boo"
spring:url, path: "http://domain.com/foo+boo"
spring:url, query: "http://domain.com/?foo+boo"
spring:url, spring:param: "?param=foo%2Bboo"
spring:url, spring:param, domain: "http://domain.com/?param=foo%2Bboo"
spring:url, spring:param, template: "foo+boo"
spring:url, spring:param, template, path: "http://domain.com/foo+boo"
spring:url, spring:param, template, query: "http://domain.com/?foo+boo"

path: "foo,boo"
spring:url, path: "http://domain.com/foo,boo"
spring:url, query: "http://domain.com/?foo,boo"
spring:url, spring:param: "?param=foo,boo"
spring:url, spring:param, domain: "http://domain.com/?param=foo,boo"
spring:url, spring:param, template: "foo,boo"
spring:url, spring:param, template, path: "http://domain.com/foo,boo"
spring:url, spring:param, template, query: "http://domain.com/?foo,boo"

path: "foo:boo"
spring:url, path: "http://domain.com/foo:boo"
spring:url, query: "http://domain.com/?foo:boo"
spring:url, spring:param: "?param=foo:boo"
spring:url, spring:param, domain: "http://domain.com/?param=foo:boo"
spring:url, spring:param, template: "foo:boo"
spring:url, spring:param, template, path: "http://domain.com/foo:boo"
spring:url, spring:param, template, query: "http://domain.com/?foo:boo"

path: "foo;boo"
spring:url, path: "http://domain.com/foo;boo"
spring:url, query: "http://domain.com/?foo;boo"
spring:url, spring:param: "?param=foo;boo"
spring:url, spring:param, domain: "http://domain.com/?param=foo;boo"
spring:url, spring:param, template: "foo;boo"
spring:url, spring:param, template, path: "http://domain.com/foo;boo"
spring:url, spring:param, template, query: "http://domain.com/?foo;boo"

path: "foo@boo"
spring:url, path: "http://domain.com/foo@boo"
spring:url, query: "http://domain.com/?foo@boo"
spring:url, spring:param: "?param=foo@boo"
spring:url, spring:param, domain: "http://domain.com/?param=foo@boo"
spring:url, spring:param, template: "foo@boo"
spring:url, spring:param, template, path: "http://domain.com/foo@boo"
spring:url, spring:param, template, query: "http://domain.com/?foo@boo"

Any ideas?

Thanks.

-AH

---

Affects: 3.1 GA

Issue Links:

• spring:url tag does not correctly encode forward slash / in path variable. Should be calling encodePathSegment [SPR-11401] #16028 spring:url tag does not correctly encode forward slash / in path variable. Should be calling encodePathSegment ("duplicates")
• Spring request mapping annotation does not map an encoded URI correctly [SPR-10306] #14940 Spring request mapping annotation does not map an encoded URI correctly

[spring-projects-issues]

Alexander Hawley commented

Removed unrelated code.