You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tapestry.apache.org by "Fernando (JIRA)" <de...@tapestry.apache.org> on 2008/02/22 21:45:19 UTC

[jira] Created: (TAPESTRY-2187) Context Parameter Encoding confuses Jetty Server, use non UrlEncoding.

Context Parameter Encoding confuses Jetty Server, use non UrlEncoding.
----------------------------------------------------------------------

                 Key: TAPESTRY-2187
                 URL: https://issues.apache.org/jira/browse/TAPESTRY-2187
             Project: Tapestry
          Issue Type: Bug
          Components: tapestry-core
    Affects Versions: 5.0.11
            Reporter: Fernando


TapestryInternalUtils.escapePercentAndSlash escapes the Percent and Slash characters using URL encoding.  This confuses Jetty, and could confuse browsers and other servers because of unknown times of encoding/decoding done by browsers and servers...

I propose to change the constants in TapestryInternalUtils:

    private static final String ENCODED_PERCENT = "%25";
    private static final String ENCODED_SLASH = "%2F";

to use a different escape character, maybe one of the unreserved characters: "-", "_", ".", "~"; then make sure to encode that character as well..

so ENCODED_PERCENT would be ~25, ENCODED_SLASH would be ~2F
and we would add ENCODED_TILDE to be ~7E



http://en.wikipedia.org/wiki/Percent-encoding


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tapestry.apache.org
For additional commands, e-mail: dev-help@tapestry.apache.org

[jira] Commented: (TAPESTRY-2187) Context Parameter Encoding confuses Jetty Server, use non UrlEncoding.

Posted by "Fernando (JIRA)" <de...@tapestry.apache.org>.

    [ https://issues.apache.org/jira/browse/TAPESTRY-2187?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12575447#action_12575447 ] 

Fernando commented on TAPESTRY-2187:
------------------------------------

But the url in your test is doubly encoded. Which is what I see within the html page.. but the browser sends back a url that has been decoded once already, something like:

http://localhost:8080/target/betty/wimla/betty%2Fwilma/...............

( What are the %E8, %8A, %B1, %E5, %AD, %90 characters? )


Which if you put debug on request.getServletPath(), you'll see that tomcat and jetty deal with it differently.  One prints out the "%2F" the other prints out "/" instead, thus confusing the whole page/context parsing.

-----

The Jetty 5.1 that I run within eclipse demonstrates this clearly:

URL coming into server: /fbracket/start.canvaslayout.analyticsiframe:hbx/Start/%2Ffbracket/M030?fb_sig_in_i........
The context parsed: start.canvaslayout.analyticsiframe:hbx; [ Start, , fbracket, M030 ]

And this works properly when running under Tomcat 5.5

-----

I had a discussion with the Jetty guys.  They complain that it's actually Tomcat not working decoding stuff when it should be decoding stuff..  You can look at the discussion here.. I have yet to talk to tomcat guys.

http://jira.codehaus.org/browse/JETTY-516

Not sure what to do about it, unless you want to change how tapestry parses out the page by looking at requestURI instead of servletPath/pathInfo.  Or change the way the "%" is encoded in the context arguments..


> Context Parameter Encoding confuses Jetty Server, use non UrlEncoding.
> ----------------------------------------------------------------------
>
>                 Key: TAPESTRY-2187
>                 URL: https://issues.apache.org/jira/browse/TAPESTRY-2187
>             Project: Tapestry
>          Issue Type: Bug
>          Components: tapestry-core
>    Affects Versions: 5.0.11
>            Reporter: Fernando
>
> TapestryInternalUtils.escapePercentAndSlash escapes the Percent and Slash characters using URL encoding.  This confuses Jetty, and could confuse browsers and other servers because of unknown times of encoding/decoding done by browsers and servers...
> I propose to change the constants in TapestryInternalUtils:
>     private static final String ENCODED_PERCENT = "%25";
>     private static final String ENCODED_SLASH = "%2F";
> to use a different escape character, maybe one of the unreserved characters: "-", "_", ".", "~"; then make sure to encode that character as well..
> so ENCODED_PERCENT would be ~25, ENCODED_SLASH would be ~2F
> and we would add ENCODED_TILDE to be ~7E
> http://en.wikipedia.org/wiki/Percent-encoding

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tapestry.apache.org
For additional commands, e-mail: dev-help@tapestry.apache.org

[jira] Commented: (TAPESTRY-2187) Context Parameter Encoding confuses Jetty Server, use non UrlEncoding.

Posted by "Howard M. Lewis Ship (JIRA)" <de...@tapestry.apache.org>.

    [ https://issues.apache.org/jira/browse/TAPESTRY-2187?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12575443#action_12575443 ] 

Howard M. Lewis Ship commented on TAPESTRY-2187:
------------------------------------------------

What do you mean by "confused Jetty"?  Our tests use this and it works correctly.

This is a sample complex URL:

http://localhost:8080/target/betty/wilma/betty%252Fwilma/%E8%8A%B1%E5%AD%90

This works properly with Jetty because Jetty is the server used with our unit tests.

> Context Parameter Encoding confuses Jetty Server, use non UrlEncoding.
> ----------------------------------------------------------------------
>
>                 Key: TAPESTRY-2187
>                 URL: https://issues.apache.org/jira/browse/TAPESTRY-2187
>             Project: Tapestry
>          Issue Type: Bug
>          Components: tapestry-core
>    Affects Versions: 5.0.11
>            Reporter: Fernando
>
> TapestryInternalUtils.escapePercentAndSlash escapes the Percent and Slash characters using URL encoding.  This confuses Jetty, and could confuse browsers and other servers because of unknown times of encoding/decoding done by browsers and servers...
> I propose to change the constants in TapestryInternalUtils:
>     private static final String ENCODED_PERCENT = "%25";
>     private static final String ENCODED_SLASH = "%2F";
> to use a different escape character, maybe one of the unreserved characters: "-", "_", ".", "~"; then make sure to encode that character as well..
> so ENCODED_PERCENT would be ~25, ENCODED_SLASH would be ~2F
> and we would add ENCODED_TILDE to be ~7E
> http://en.wikipedia.org/wiki/Percent-encoding

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tapestry.apache.org
For additional commands, e-mail: dev-help@tapestry.apache.org

[jira] Closed: (TAPESTRY-2187) Context Parameter Encoding confuses Jetty Server, use non UrlEncoding.

Posted by "Howard M. Lewis Ship (JIRA)" <de...@tapestry.apache.org>.

     [ https://issues.apache.org/jira/browse/TAPESTRY-2187?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Howard M. Lewis Ship closed TAPESTRY-2187.
------------------------------------------

    Resolution: Incomplete
      Assignee: Howard M. Lewis Ship

I'm still of the opinion that Tapestry and Jetty are right and Tomcat is wrong, or that there's some other issue involved.  Please reopen if you have a definitive answer.

> Context Parameter Encoding confuses Jetty Server, use non UrlEncoding.
> ----------------------------------------------------------------------
>
>                 Key: TAPESTRY-2187
>                 URL: https://issues.apache.org/jira/browse/TAPESTRY-2187
>             Project: Tapestry
>          Issue Type: Bug
>          Components: tapestry-core
>    Affects Versions: 5.0.11
>            Reporter: Fernando
>            Assignee: Howard M. Lewis Ship
>
> TapestryInternalUtils.escapePercentAndSlash escapes the Percent and Slash characters using URL encoding.  This confuses Jetty, and could confuse browsers and other servers because of unknown times of encoding/decoding done by browsers and servers...
> I propose to change the constants in TapestryInternalUtils:
>     private static final String ENCODED_PERCENT = "%25";
>     private static final String ENCODED_SLASH = "%2F";
> to use a different escape character, maybe one of the unreserved characters: "-", "_", ".", "~"; then make sure to encode that character as well..
> so ENCODED_PERCENT would be ~25, ENCODED_SLASH would be ~2F
> and we would add ENCODED_TILDE to be ~7E
> http://en.wikipedia.org/wiki/Percent-encoding

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tapestry.apache.org
For additional commands, e-mail: dev-help@tapestry.apache.org