[
https://issues.apache.org/jira/browse/HTTPCORE-778?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Peter Halicky updated HTTPCORE-778:
-----------------------------------
Description:
URI fragment is encoded in URIBuilder using:
{code:java}
PercentCodec.encode(sb, this.fragment, this.charset); {code}
(line 401, end of buildString method)
This encodes all characters except UNRESERVED using the percent-format.
As per (obsoleted) RFC2396, URI fragment should use URIC safe-chars.
As per RFC3986, quite a bit more characters should not be encoded:
{code:java}
pct-encoded = "%" HEXDIG HEXDIG
unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~"
sub-delims = "!" / "$" / "&" / "'" / "(" / ")" / "*" / "+" / "," / ";" / "="
pchar = unreserved / pct-encoded / sub-delims / ":" / "@"
fragment = *( pchar / "/" / "?" ) {code}
Note that URIBuilder in httpclient 4.5.13 conforms to at least the old RFC2396,
as it uses URIC set of safe characters (i.e. this is in fact a regression).
was:
URI fragment is encoded in URIBuilder using:
{code:java}
PercentCodec.encode(sb, this.fragment, this.charset); {code}
(line 372, end of buildString method)
This encodes all characters except UNRESERVED using the percent-format.
As per (obsoleted) RFC2396, URI fragment should use URIC safe-chars.
As per RFC3986, quite a bit more characters should not be encoded:
{code:java}
pct-encoded = "%" HEXDIG HEXDIG
unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~"
sub-delims = "!" / "$" / "&" / "'" / "(" / ")" / "*" / "+" / "," / ";" / "="
pchar = unreserved / pct-encoded / sub-delims / ":" / "@"
fragment = *( pchar / "/" / "?" ) {code}
Note that URIBuilder in httpclient 4.5.13 conforms to at least the old RFC2396,
as it uses URIC set of safe characters (i.e. this is in fact a regression).
> URIBuilder uses incorrect encoding method for URI fragment
> ----------------------------------------------------------
>
> Key: HTTPCORE-778
> URL: https://issues.apache.org/jira/browse/HTTPCORE-778
> Project: HttpComponents HttpCore
> Issue Type: Bug
> Components: HttpCore
> Affects Versions: 5.3.3
> Reporter: Peter Halicky
> Priority: Major
>
> URI fragment is encoded in URIBuilder using:
> {code:java}
> PercentCodec.encode(sb, this.fragment, this.charset); {code}
> (line 401, end of buildString method)
> This encodes all characters except UNRESERVED using the percent-format.
> As per (obsoleted) RFC2396, URI fragment should use URIC safe-chars.
> As per RFC3986, quite a bit more characters should not be encoded:
> {code:java}
> pct-encoded = "%" HEXDIG HEXDIG
> unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~"
> sub-delims = "!" / "$" / "&" / "'" / "(" / ")" / "*" / "+" / "," / ";" /
> "="
> pchar = unreserved / pct-encoded / sub-delims / ":" / "@"
> fragment = *( pchar / "/" / "?" ) {code}
> Note that URIBuilder in httpclient 4.5.13 conforms to at least the old
> RFC2396, as it uses URIC set of safe characters (i.e. this is in fact a
> regression).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
