[英]Escaping `%` symbol in query parameter in JAX-RS
I try to send GET request with some URL string as a parameter using any of Jersey or Resteasy 我尝试使用Jersey或Resteasy的任何一个发送带有一些URL字符串作为参数的GET请求
Response response = new ResteasyClientBuilder()
.build()
.target(UriBuilder.fromPath("https://foo.bar"))
.queryParam("url", "http://hostname.com/The%20URL%20with spaces.jpg")
.request()
.get();
Both implementations send 两种实现都发送
https://foo.bar?url=http%3A%2F%2Fhostname.com%2FThe%20URL%20with%20spaces.jpg
I assume that original space is escaped with %20
and original %20
is double-escaped in the query parameter. 我假设原始空间使用
%20
转义,原始%20
在查询参数中进行了两次转义。
But it isn't. 但事实并非如此。
Original space and %20
are mixed, and on the server side I get unescaped string with all %20
converted to spaces and the string gets broken. 原始空格和
%20
混合在一起,在服务器端,我得到了未转义的字符串,所有%20
转换为空格,并且字符串被打断了。
According to source code of Resteasy , it "Keeps encoded values "%..." and template parameters intact". 根据Resteasy的源代码 ,它“保留编码的值“%...”和模板参数完整”。 But I haven't found any word in the JEE docs about this behavior.
但是我没有在JEE文档中找到有关此行为的任何消息。
Should I escape my string before adding it as a parameter? 在将其添加为参数之前,是否应该转义我的字符串?
What escaper should I use to be sure that it escapes all of "%..." and template parameters
, and everithing it escapes in a parameter is successfully unescaped by server? 我应该使用哪种逃逸器来确保它逃逸了所有
"%..." and template parameters
,并且无论逃逸到参数中的哪个逃逸符都能成功地被服务器撤消?
The solution for standard JAX-RS WebTarget
is to not apply parameters directly but apply them as template parameters. 标准JAX-RS
WebTarget
的解决方案是不直接应用参数,而是将其作为模板参数应用。
Response response = new ResteasyClientBuilder()
.build()
.target(UriBuilder.fromPath("https://foo.bar"))
.queryParam("url", "{urlTemplate}")
.resolveTemplate("urlTemplate", "http://hostname.com/The%20URL%20with spaces.jpg")
.request()
.get();
First, we add some template {urlTemplate}
as a parameter value, and then render this template with the real value. 首先,我们添加一些模板
{urlTemplate}
作为参数值,然后使用实际值呈现此模板。
WebTarget
always assumes that the given parameter as a possible template, and doesn't escape some characters WebTarget
始终假定给定参数为可能的模板,并且不会转义某些字符
But .resolveTemplate()
guarantees escaping of all characters that should be escaped 但是
.resolveTemplate()
保证转义所有应该转义的字符
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.