0

javax.ws.rs.core.UriBuilder is not escaping } correctly:

import javax.ws.rs.core.UriBuilder;
public void test() {
    final UriBuilder builder = UriBuilder.fromUri("http://host");
    builder.path("dir}one");
    l.info(builder.toString());
}

Will output http://host/dir}one, leaving } unescaped.

Whereas org.apache.http.client.utils.URIBuilder:

org.apache.http.client.utils.URIBuilder;
public void testApache() {
    final URIBuilder builder = new URIBuilder(URI.create("http://host"));
    builder.setPath("dir}one");
    l.info(builder.toString());
}

Will output http://hostdir%7Done, escaping } with %7D as expected.

Is this a bug in the javax.ws.rs.core.UriBuilder?

Roland
  • 7,525
  • 13
  • 61
  • 124

2 Answers2

1

According to RFC 3986 the character } is not a reserved character and therefore it need not be escaped. It can be escaped with %7D, but that is not necessary.

So both UriBuilder implementations behave correctly.

Community
  • 1
  • 1
P.J.Meisch
  • 18,013
  • 6
  • 50
  • 66
  • If you go throught the answers of this [question](https://stackoverflow.com/questions/1547899/which-characters-make-a-url-invalid) you see mentions of `}` as either unwise character or forbidden. There is no clear consensus, but it still seems that the wiser choice is to escape it. – Roland Jul 18 '17 at 07:29
  • 1
    wiser indeed, especially when thinking about programs processing such an URI. I would prefer to encode it as well, but it is no error to not encode it, so actually your code should be able to handle such characters unencoded – P.J.Meisch Jul 18 '17 at 07:54
  • 1
    the build method in UriBuilder does not seem to be able to handle the curly braces itself.. – Koray Tugay Jul 25 '22 at 14:32
  • @KorayTugay I think it's related to the fact that `UriBuilder` uses `{ }` for templating. – Martynas Jusevičius Jun 28 '23 at 21:32
0

Actually, if you don't escape braces, RestEasy (containing an implementation of UriBuilder) will complain by throwing a jakarta.ws.rs.core.UriBuilderException: RESTEASY003330: Failed to create URI caused by a java.net.URISyntaxException: Illegal character in query at index. However, I'm not sure that it can be fixed in jakarta.​ws.​rs.​core.UriBuilder because it's a template-aware builder, it uses the curly braces to delimit templates. Therefore, in my humble opinion, it's up to the caller to indicate that some curly braces aren't used for building templates so that RestEasy (or Jersey) doesn't try to interpret the string between curly braces as a template and to avoid sending unencoded curly braces to java.base/java.net.URI$Parser.checkChars() that rejects them for sure, no matter what the RFC says.

Personally, I simply do that:

final String encoded = unencoded.replace("{", "%7B").replace("}", "%7D");

Keep in mind that you can break template management by using this dirty kludge unwisely.

P.S: RestEasy's documentation seems to confirm my findings.

gouessej
  • 3,640
  • 3
  • 33
  • 67