Sebb created WHIMSY-344:
---------------------------
Summary: Issues with URI.escape
Key: WHIMSY-344
URL: https://issues.apache.org/jira/browse/WHIMSY-344
Project: Whimsy
Issue Type: Bug
Reporter: Sebb
URI.[un]escape have been deprecated, and need to be replaced in Whimsy code.
The suggested replacements are CGI.[un]escape and
URI.[un]encode_www_form_component
AFAICT these only work correctly for form parameters.
Space is escaped to '+', and '+' is unescaped to space.
This is incorrect for the path component, which uses %-encoding only.
Note that the path component allows '+' without encoding.
This clashes with the use of '+' to represent space when encoding form
parameters.
It looks like ERB::Util.url_encode may be OK for encoding path segments.
It encodes more characters than necessary, but at least it only uses %-encoding.
CGI.unescape will correctly decode a path encoded with ERB::Util.url_encode.
However if a path component was encoded without %-encoding '+', CGI.unescape
will incorrectly decode the '+' to space.
URI.unescape uses URI::RFC2396_Parser under the hood, and that has not been
deprecated.
So a possible replacement is URI::RFC2396_Parser.new.unescape(path)
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
