Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Multiple slash sanitisation should be optional in UriComponentsBuilder #34076

Open
dpozinen opened this issue Dec 11, 2024 · 0 comments
Open

Multiple slash sanitisation should be optional in UriComponentsBuilder #34076

dpozinen opened this issue Dec 11, 2024 · 0 comments
Labels
in: web Issues in web modules (web, webmvc, webflux, websocket) status: waiting-for-triage An issue we've not yet triaged or decided on

Comments

@dpozinen
Copy link

The primary reason for this issue is spring-cloud/spring-cloud-gateway#2795 which under the hood uses UriComponentsBuilder. See this comment specifically: spring-cloud/spring-cloud-gateway#2795 (comment)

In the context of #14904 and #17006 there have been changes made to sanitise multiple consecutive slashes and replace them via a single slash:

spring-framework/spring-web/src/main/java/org/springframework/web/util/UriComponentsBuilder.java

Lines 881 to 891 in 78f28fd

private static String getSanitizedPath(final StringBuilder path) {
int index = path.indexOf("//");
if (index >= 0) {
StringBuilder sanitized = new StringBuilder(path);
while (index != -1) {
sanitized.deleteCharAt(index);
index = sanitized.indexOf("//", index);
}
return sanitized.toString();
}
return path.toString();

Technically, there is no restriction on multiple consecutive slashes - those are valid urls, so I think that adding the option of preserving those in UriComponentsBuilder would be a good thing, and would solve the mentioned gateway issue.

What do you think?
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged or decided on label Dec 11, 2024
@bclozel bclozel added the in: web Issues in web modules (web, webmvc, webflux, websocket) label Dec 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
in: web Issues in web modules (web, webmvc, webflux, websocket) status: waiting-for-triage An issue we've not yet triaged or decided on
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@bclozel @spring-projects-issues @dpozinen