You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by "Hartmut Arlt (JIRA)" <ji...@apache.org> on 2019/06/21 10:55:00 UTC
[jira] [Comment Edited] (HTTPCLIENT-1995) Percent-encoded ampersand
in URI path not preserved
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1995?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16869393#comment-16869393 ]
Hartmut Arlt edited comment on HTTPCLIENT-1995 at 6/21/19 10:54 AM:
--------------------------------------------------------------------
[~olegk] - No. I'm definitely not confusing query and path encoding rules.
I'm just referring to RFC 3986 ([https://tools.ietf.org/html/rfc3986#page-22)] which states the following
{noformat}
path = path-abempty ; begins with "/" or is empty
/ path-absolute ; begins with "/" but not "//"
/ path-noscheme ; begins with a non-colon segment
/ path-rootless ; begins with a segment
/ path-empty ; zero characters
path-abempty = *( "/" segment )
path-absolute = "/" [ segment-nz *( "/" segment ) ]
path-noscheme = segment-nz-nc *( "/" segment )
path-rootless = segment-nz *( "/" segment )
path-empty = 0<pchar>
segment = *pchar
segment-nz = 1*pchar
segment-nz-nc = 1*( unreserved / pct-encoded / sub-delims / "@" )
; non-zero-length segment without any colon ":"
pchar = unreserved / pct-encoded / sub-delims / ":" / "@"
reserved = gen-delims / sub-delims
gen-delims = ":" / "/" / "?" / "#" / "[" / "]" / "@"
sub-delims = "!" / "$" / "&" / "'" / "(" / ")"
/ "*" / "+" / "," / ";" / "="
{noformat}
+RFC 3986 obsoletes RFC 2396.+
was (Author: harlt):
[~olegk] - No. I'm definitely not confusing query and path encoding rules.
I'm just referring to RFC 3986 ([https://tools.ietf.org/html/rfc3986#page-22)] which states the following
path = path-abempty ; begins with "/" or is empty
/ path-absolute ; begins with "/" but not "//"
/ path-noscheme ; begins with a non-colon segment
/ path-rootless ; begins with a segment
/ path-empty ; zero characters
path-abempty = *( "/" segment )
path-absolute = "/" [ segment-nz *( "/" segment ) ]
path-noscheme = segment-nz-nc *( "/" segment )
path-rootless = segment-nz *( "/" segment )
path-empty = 0<pchar>
segment = *pchar
segment-nz = 1*pchar
segment-nz-nc = 1*( unreserved / pct-encoded / sub-delims / "@" )
; non-zero-length segment without any colon ":"
pchar = unreserved / pct-encoded / sub-delims / ":" / "@"
reserved = gen-delims / sub-delims
gen-delims = ":" / "/" / "?" / "#" / "[" / "]" / "@"
sub-delims = "!" / "$" / "&" / "'" / "(" / ")"
/ "*" / "+" / "," / ";" / "="
+RFC 3986 obsoletes RFC 2396.+
> Percent-encoded ampersand in URI path not preserved
> ---------------------------------------------------
>
> Key: HTTPCLIENT-1995
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1995
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient (classic)
> Affects Versions: 4.5.8, 4.5.9
> Environment: Linux Mint 19, OpenJDK 8
> Reporter: Hartmut Arlt
> Priority: Major
>
> Starting with HttpClient 4.5.8, percent-encoded ampersand characters in URI path segments are not preserved any longer but written in decoded form to wire due to path normalization performed by URIUtils.rewriteURI(URI, HttpHost).
>
> According to RFC 3986 (page 11+), the ampersand character is a delimiter and thus needs to be percent-encoded when not used for this purpose. Path normalization, as performed by HttpClient v4.5.8+, creates a new URI that is not equivalent to the original URI and thus leads to misinterpretation on server/receiver side.
> ??URIs that differ in the replacement of a reserved character with its??
> ??corresponding percent-encoded octet are not equivalent. Percent-??
> ??encoding a reserved character, or decoding a percent-encoded octet??
> ??that corresponds to a reserved character, will change how the URI is??
> ??interpreted by most applications??.
>
> A very simple test case is as follows:
> {code:java}
> @Test
> public void testAmpersand() throws Throwable
> {
> final URI uri = new URI("http://example.org/some/path%26with%20percent/encoded/segments");
> final URI uri2 = URIUtils.rewriteURI(uri, null);
>
> Assert.assertEquals(uri, uri2);
> }
> {code}
>
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org