Support semicolon as a normal character in URI (no longer a parameter separator)
See original GitHub issueExpected result
According to the 2014 W3C Recommendation, semicolon is now illegal as a parameter separator in a http URI.
?foo=bar;baz
means the parameter foo
will have the value bar;baz
see https://www.w3.org/TR/2014/REC-html5-20141028/forms.html#url-encoded-form-data (thanks to https://stackoverflow.com/questions/3481664/semicolon-as-url-query-separator)
Current result
The URI decoder now supports the obsolete 1999 W3C recommendation
?foo=bar;baz
is decoded as ?foo=bar & baz=
(see QueryStringDecoder.java, line 230 : case '&': case ';':
both characters are handled equally)
Netty version
tested (through vert.x) on 1.4.19
JVM version (e.g. java -version
)
1.8.0_60
OS version (e.g. uname -a
)
Windows i686-pc Intel
Of course this issue is linked to #3044 and #2896, but as the norm changed, I suppose it’s better to open a new issue
Issue Analytics
- State:
- Created 5 years ago
- Comments:7 (4 by maintainers)
Top Results From Across the Web
Semicolon as URL query separator - Stack Overflow
for web servers to support semicolon as a separator of URL query items (in addition to ampersand), it does not seem to be...
Read more >I found (and fixed) a vulnerability in Python - Brian Lovin
It parses path parameters (not to be confused with IRL parameters aka ... and Tornado still honoring a semi-colon as a separator in...
Read more >T238285 Pages whose title ends with semicolon (;)
ATS is using a semi colon as a separator between the URL path and the URL params, ... or number sign ("#") character,...
Read more >4. Designing URIs - RESTful Web Services Cookbook [Book]
These characters are valid in the path and query portions of URIs, but not all code libraries recognize the comma and semicolon as...
Read more >URL-Encoding of "semicolon" - Online
About. (*) These options cannot be enabled simultaneously since the resulting output would not be valid for the majority of applications. Safe and...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
I suppose you mean: if my server is Netty and uses
QueryStringDecoder
, I have to encode semicolons manually soQueryStringDecoder
doesn’t mess up with parsing, as URI.toString() won’t encode them (which is expected).This is a low hanging fruit so it would be a perfect ft for a first PR indeed 😃
1/ exactly! 2/ I have some docs to read first… 😃