|
Currently the ResponseUtil.urlEncode method just uses the java.net.URLEncoder method to encode special characters for the parameters values.
This works fine unless the parameter value does not represent a valid URL.
The java.net.URLEncoder performs a HTML Form encoding. In other words a value like this:
https://mywebsite/...
would result in something like the following
http%3A%2F%2Fmywebsite%2F
i.e. an invalid URL.
A possible solution would be to add a check for a valid URL on the encodeURL method, avoiding to encode also the scheme and path of the URL in case this is provided as value of the parameter itself.
/**
-
URL encodes the value towards the ISO-8859-1 charset
-
@param value
*/
public static String urlEncode(String value) {
try
Unknown macro: { UrlValidator urlValidator = new UrlValidator(); if(urlValidator.isValid(value)) { // Don't use the URLEncoder class! Despite the name, that class actually does HTML form encoding, not URL encoding. It's not correct // to concatenate unencoded strings to make an "unencoded" URL and then pass it through a URLEncoder. Doing so will result in problems // (particularly the aforementioned one regarding spaces and plus signs in the path). return URI.create(value).toASCIIString(); } else { // TODO: URLEncoder also encodes ( and ) which are considered safe chars, // see also http://www.w3.org/International/O-URL-code.html return URLEncoder.encode(value, "ISO-8859-1"); } }
catch (UnsupportedEncodingException e) { throw new RuntimeException("This is unexpected", e); }
}
|
