2

Earlier today I asked this question about an url encoding problem.

I was trying to encode url query params with spring's UriComponentBuilder, then I also tried apache commons' UriBuilder. Both encode a plus sign (+) within a query param as %2B, but according to the specification RFC3986 (Section 3.4), a plus sign is permitted in the query params. Not permitted are only:

*( pchar / "/" / "?" )

So this would be a valid url

http://www.example.com?foo=bar+baz

But both libraries convert the +:

http://www.example.com?foo=bar%2Bbaz

I never heard of that before and assumed that a + is in fact an encoded whitespace character. In addition, this answer states that at least spring follows that spec.

Who is right? The specification, or spring and apache? Or do I simply misunderstand something? Or which specification is followed by those libs?

Sidenote

I would even consider it bad practice to not allow and not parse the encoded character server side, would you agree?

Community
  • 1
  • 1
baao
  • 71,625
  • 17
  • 143
  • 203
  • 1
    The specification may be more lenient (not sure), but that does not mean that spring or apache are wrong; they are just more strict. – Mark Rotteveel Jan 06 '17 at 16:40
  • That was one of my thoughts too. @MarkRotteveel -- I would even consider it bad practice to not allow the encoded character server side, would you agree? – baao Jan 06 '17 at 16:43

0 Answers0