I have a hash key in one of my query params which can have + char with other special chars. The issue is when this URL is getting decoded URLDecoder converts + char into space. Is there a way we can enforce URLDecoder not to convert '+' into space.
According to HTML URL Encoding Reference:
URLs cannot contain spaces. URL encoding normally replaces a space with a plus (+) sign or with %20.
and +
sign itself must be encoded with %2B
. So if you want to pass your hash as a GET parameter in URL, you should replace plus signs with %2B
in your hash. Do not replace every +
in the entire URL because you might ruin other string parameters which are supposed to contain spaces.
Do this on your string before decoding:
String plusEncoded = yourString.replaceAll("\\+", "%2b")
The decoder will then show +
where it should've been
According to HTML URL Encoding Reference:
URLs cannot contain spaces. URL encoding normally replaces a space with a plus (+) sign or with %20.
and +
sign itself must be encoded with %2B
. So if you want to pass your hash as a GET parameter in URL, you should replace plus signs with %2B
in your hash. Do not replace every +
in the entire URL because you might ruin other string parameters which are supposed to contain spaces.
There is a bug reference similar to this issue, and it's closed as "not an issue". Here I quote what the Assignee had told:
The Java API documentation at https://docs.oracle.com/javase/8/docs/api/java/net/URL.html clearly states that "The URLEncoder and URLDecoder classes can also be used, but only for HTML form encoding, which is not the same as the encoding scheme defined in RFC2396." . This means that it is not meant for URL encoding and will cause issues with spaces and plus signs in the path. Using URL or URI classes to construct the url will give expected results.
URL url = new URL(input);
System.out.println(url.toString()); //outputs http://www.example.com/some+thing
Java's URLDecoder is meant to be used only for "application/x-www-form-urlencoded".
The Java API documentation at https://docs.oracle.com/javase/8/docs/api/java/net/URL.html clearly states that "The URLEncoder and URLDecoder classes can also be used, but only for HTML form encoding, which is not the same as the encoding scheme defined in RFC2396." . This means that it is not meant for URL encoding and will cause issues with spaces and plus signs in the path.
Solution
Instead of using Java's URLDecoder, use any percent encoding library. One such is org.apache.commons.codec.net.PercentCodec
Sample code
PercentCodec percentCodec = new PercentCodec();
String decodedCert = new String(percentCodec.decode("<endoded text>", "UTF-8");
© 2022 - 2024 — McMap. All rights reserved.
+
characters in parameters correctly as%2B
. – Semiconscious+
into%2B
instead... – Parvis