Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-4396712

javadocs should explain how java.net.URLDecoder would handle illegal strings

XMLWordPrintable

    • beta
    • sparc
    • solaris_2.6



      Name: dfR10049 Date: 12/09/2000



      Javadoc for java.net.URLDecoder states:

          The class contains a utility method for converting from the MIME format called
          x-www-form-urlencoded to a String

          To convert to a String the procedure that is followed is the reverse of that
          used by the URLEncoder class. It is assumed that all characters in the encoded
          string are one of the following: "a" through "z", "A" through "Z",
          "0" through "9", and "-", "_", ".", and "*". The character "%" is allowed but
          is interpreted as the start of a special escaped sequence.

      There is no specification how to decoded strings are in the x-www-form-urlencoded
      format. Javadoc may specify that processing of these strings is implementation
      dependent, or specify the way of processing ("IllegalArgumentException will be
      thrown by decode() if string is not x-www-form-urlencoded formatted", for example).

      In the current implementation incorrect strings are processed in the different way:

      IllegalArgumentException is thrown in some cases, some characters are not changed.
      In some cases, if "%" is last character of character before last of string decode
      method will hang a VM.


      Please see an example demonstrating the bug below:
      ----------- Decoder.java ----------------
      import java.net.*;

      public class Decoder {

         public static void main(String args[]) {

              for (int i = 0; i < args.length; i++) {
                  System.out.println("encoded: " + args[i]);
                  try {
                      String decoded = URLDecoder.decode(args[i]);
                      System.out.println(" decoded: " + decoded);
                  } catch (Exception e) {
                      System.out.println(" exception: " + e);
                  }
                  System.out.println("-------------------------");
              }
          }
      }
      #----------------- output from the test ----------------------

      #> java Decoder "@" "?" "%xy" "%%XY"
      encoded: @
        decoded: @
      -------------------------
      encoded: ?
        decoded: ?
      -------------------------
      encoded: %xy
        exception: java.lang.IllegalArgumentException
      -------------------------
      encoded: %%XY
        exception: java.lang.IllegalArgumentException
      -------------------------


      #> java Decoder %
      encoded: %
        -- VM is hanging --

      #> java Decoder %x
      encoded: %x
        -- VM is hanging --

      #> java Decoder ab%x
      encoded: ab%x
        -- VM is hanging --


      ======================================================================

            jhosunw Jamie Ho (Inactive)
            fdasunw Fda Fda (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved:
              Imported:
              Indexed: