This repository was archived by the owner on Nov 20, 2018. It is now read-only.

Encoding plus sign makes no difference #964

Closed
PawelTroka opened this issue Nov 12, 2017 · 5 comments
@PawelTroka

PawelTroka commented Nov 12, 2017

Basically this issue is kind of similar to #912, except it's about the plus sign ('+'), and this time it does not only affect TestHost but also shows up when hosted.

It does not work correctly on TestHost or when hosted and invoked through a web browser or any web client for that matter.

It is failing my integration tests where I am using Microsoft.AspNetCore.TestHost v2.0.0 and Microsoft.AspNetCore.WebUtilities v2.0.0. Please notice that my WebApi and WebApi.IntegrationTests are AspNetCore 2.0 but are targeting net461 (due to some of my libraries not yet ported).

Repro:
Unit test:
https://github.com/PawelTroka/Computator.NET/blob/97b666341bf8a9b21fb9dc59f94528ccf830a931/Computator.NET.WebApi.IntegrationTests/CalculateApiTests.cs#L42
Goes through route:
real/{equation}/{x} from method:
https://github.com/PawelTroka/Computator.NET/blob/97b666341bf8a9b21fb9dc59f94528ccf830a931/Computator.NET.WebApi/Controllers/CalculateController.cs#L34
But because encoding the plus sign makes no difference, we have an equation with an unencoded plus sign.

In images:

When run through a browser:
We type the encoded URL
[image]
What reaches our controller, however, is already decoded
[image]
So when we are decoding it in another overload of Get(..) we will attempt to decode an already decoded expression, which will make us replace the plus sign ('+') with a space (' ').

The same happens in the test:
[image]
[image]

Also note that this has existed at least since AspNetCore v1.1.

@Tratcher
Member

This is intentional, everything in the path is unescaped so you can operate on it. Forward slash is the only character that can't be unescaped without changing the meaning of the path. Why are you converting plus to space? That's not an expected form of un-escaping for request paths. That only applies to form urlencoded content.

@PawelTroka
Author

PawelTroka commented Nov 13, 2017

@Tratcher
Member

Try Uri.EscapeDataString instead.

@PawelTroka
Author

PawelTroka commented Nov 13, 2017

Yes! It works now! Why is it so different than WebUtility.UrlEncode and how can I be sure that clients (written in totally different languages like JavaScript) will correctly escape it?

@aspnet-hello

This issue was moved to dotnet/aspnetcore#2683
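
The distinction drawn in this thread, as an added example that is not part of the original issue or the ASP.NET code base: JavaScript stand-ins for path decoding and form decoding show how a plus sign correctly sent as %2B is lost when a handler decodes an already decoded route value. The function names and sample equations are constructed for illustration.

```javascript
// Added example: '+' under path decoding vs. form decoding.
// All function names and sample values here are constructed for illustration.

// Client side: encode one path segment. Like Uri.EscapeDataString,
// encodeURIComponent emits %2B for '+' and %20 for a space.
function encodePathSegment(value) {
  return encodeURIComponent(value);
}

// Form-style encoding (application/x-www-form-urlencoded): space becomes '+'.
function encodeFormValue(value) {
  return new URLSearchParams({ v: value }).toString().slice(2); // drop "v="
}

// Path-style decoding: only %XX sequences are decoded, '+' stays '+'.
function decodePath(segment) {
  return decodeURIComponent(segment);
}

// Form-style decoding: '+' means space, then %XX sequences are decoded.
function decodeForm(value) {
  return decodeURIComponent(value.replace(/\+/g, ' '));
}

// Stand-in for the handler described in the issue: the route value arrives
// already path-decoded, and the handler form-decodes it a second time.
function doubleDecode(segment) {
  return decodeForm(decodePath(segment));
}

const equation = '1+2 x';                      // constructed sample
const onTheWire = encodePathSegment(equation); // "1%2B2%20x"

console.log('sent:          ', onTheWire);
console.log('path-decoded:  ', decodePath(onTheWire));
console.log('double-decoded:', doubleDecode(onTheWire));

// Mixing conventions also breaks the round trip: a form-encoded space
// comes back from a path decoder as a literal '+'.
console.log('form -> path:  ', decodePath(encodeFormValue(equation)));

// A value that legitimately contains the text "%2B" changes meaning
// when it is decoded twice.
console.log('literal %2B:   ', doubleDecode(encodePathSegment('a%2Bb')));
```

Decoding a route value exactly once, and encoding path segments with a path-style encoder on every client, keeps the value the controller sees equal to the value the client sent.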

@aspnet aspnet locked and limited conversation to collaborators Jan 2, 2018
@aspnet-hello aspnet-hello removed this from the Discussions milestone Jan 2, 2018