[
https://issues.apache.org/jira/browse/WICKET-1627?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12596940#action_12596940
]
Johan Compagner commented on WICKET-1627:
-----------------------------------------
WebRequestCodingStrategy.
protected CharSequence encode(RequestCycle requestCycle,
IListenerInterfaceRequestTarget requestTarget)
there we create an url without any encoding
for example i expected more test to fail this is for example an output
StatelessStatefullUrlCodingStrategyTest
and then the file: StatefulPage_QueryString_Result.html
there this is the result:
<a
href="?wicket:bookmarkablePage=%3Aorg.apache.wicket.markup.html.autolink.Index"
wicket:id="indexLink">go to index</a>
<a
href="?wicket:interface=:0:actionLink::ILinkListener::"
wicket:id="actionLink">Link clicked <span wicket:id="linkClickCount">0</span>
times</a>
<form
action="statefull?wicket:interface=%3A0%3Astatelessform%3A%3AIFormSubmitListener%3A%3A"
wicket:id="statelessform" method="post" id="statelessform1"><div
style="display:none"><input type="hidden" name="statelessform1_hf_0"
id="statelessform1_hf_0" /></div>
so you see the frist is a bookmarkable that seems to have encoded
the second is a call that goes through the above encode method and nothing is
done
the third is a mount encoder that does encode the wicket:interface
Why is for example there : in wicket:interface not encoded but it is in the
value? (%3A)
and the question is is it really needed? i like the clean
?wicket:interface=:0:actionLink::ILinkListener::
i guess we should make a few more test also with QueryCoding strategy where the
mount has utf8? and params also have some stuff that needs to be encoded
> AbstractRequestTargetUrlCodingStrategy improper user of URLEncoder.encode
> -------------------------------------------------------------------------
>
> Key: WICKET-1627
> URL: https://issues.apache.org/jira/browse/WICKET-1627
> Project: Wicket
> Issue Type: Bug
> Components: wicket
> Affects Versions: 1.3.1, 1.3.2, 1.3.3, 1.4-M1
> Environment: Tomcat or Jetty (probably others)
> Reporter: Doug Donohoe
> Fix For: 1.4-M2
>
> Attachments: 1627and1624.v2.patch
>
>
> The use of URLEncoder.encode is incorrect in this scenario. The URLEncoder
> is meant for encoding query string values - not values that appear in the
> path portion of a URI.
> Because the AbstractRequestTargetUrlCodingStrategy is used by other classes
> to encode values that appear in the path, problems can occur when that path
> has spaces. For example, the parameter "message with spaces
> and+some+pluses" is encoded as follows in a URL:
> http://localhost:8080/bugs/home/message/message+with+spaces+and%2Bsome%2Bpluses/
> However, the resulting request.getServletPath() call returns this:
> /home/message/message+with+spaces+and+some+plusses=bug/
> Note that the + in the path are not turned back into spaces. This is the
> correct behavior and is seen in both Tomcat and Jetty.
> See the RFC (http://www.ietf.org/rfc/rfc2396.txt) for a full description of
> what should or should not be encoded.
> /**
> * Url encodes a string
> *
> * @param string
> * string to be encoded
> * @return encoded string
> */
> protected String urlEncode(String string)
> {
> try
> {
> return URLEncoder.encode(string,
> Application.get().getRequestCycleSettings()
> .getResponseRequestEncoding());
> }
> catch (UnsupportedEncodingException e)
> {
> log.error(e.getMessage(), e);
> return string;
> }
> }
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
