Uploaded image for project: 'HttpComponents HttpClient'
  1. HttpComponents HttpClient
  2. HTTPCLIENT-1927

URLEncodedUtils#parse breaks at double quotes when parsing unquoted values



      Assume a query string like a=b"c&d=e

      The expected mapping for that query string, would reasonably be expected to be

      [a=b"c, d=e]

      Actual result using httpcore 4.4.9 is


      Example code:

      import java.nio.charset.StandardCharsets;
      import org.apache.http.client.utils.URLEncodedUtils;
      class QueryParser {
          public static void main(String[] args) {
              System.out.println(URLEncodedUtils.parse("a=b\"c&d=e", StandardCharsets.UTF_8, '&'));

      Using URLEncodedUtils from httpclient uses the TokenParser in httpcore.
      After successfully parsing the name (a), the value is parsed using the parseValue(CharArrayBuffer, ParserCursor, BitSet)[link] method.

      The first character being neither a delimiter nor a double quote, ends up calling copyUnquotedContent(CharArrayBuffer, ParserCursor, BitSet, StringBuilder)[link] which ends up returning when the double quote is reached ([link]) instead of when the delimiter is reached.

      parseValue then continues parsing the value but as quoted content this time (because the now current position is a quote character). Copying quoted content reasonably does not break on the delimiter set, but this ends up consuming the rest of the query string.

      Other URI parsers parse the URI in the expected format, such as with Python.

      Python 3.6.1 (default, Mar 23 2017, 13:04:44) [GCC] on linux
      Type "help", "copyright", "credits" or "license" for more information.
      >>> import urllib.parse
      >>> urllib.parse.parse_qs('a=b"c&d=e')
      {'a': ['b"c'], 'd': ['e']}

      Although I haven't explicitly tested with httpcore5, the code for TokenParser appears equivalent to 4.4.9.




            • Assignee:
              kadeem.hassam_unbounce Kadeem Hassam
            • Votes:
              0 Vote for this issue
              4 Start watching this issue


              • Created: