-
Notifications
You must be signed in to change notification settings - Fork 523
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
URL parameter with colon causes exception #669
Comments
Thanks for the nice bug report! Let us know if we can help! |
Sure |
@jjlauer This issue is quite strange to me... Do you have an idea how to do this in a "better" way. I guess URI.create is not ideal... but I have no idea to do it better... Somehow we can't be the first ones trying to unescape paths of a uri... |
Well, the correct way of decoding is using |
I haven't looked at this part of the code for awhile, but yes, its something with how Jetty or the servlet spec causes this stuff to be decoded earlier up the chain. |
Error description
When defining a path parameter
and opening the url where the
name
parameter contains a colon will break the decoderRoot cause
The
%3a
part of the url is are already decoded whenNinjaServletContext.init
is called.In this case the
requestPath
containsNote the decoded
:
after2016
This causes
URI.create(encodedParameter).getPath();
inAbstractContext
to fail since this is an invalid url.I assume this call is only used to decode the url? If so is it possible to use UrlDecoder instead?
Workaround
As a workaround it is possible to revert the early escaping using a filter.
It's not the most elegant solution but fixes the issue for now without changing the ninja sources
The text was updated successfully, but these errors were encountered: