url-decode blowing up on encoded $, that is %24 #2

jamieorc opened this Issue Jun 12, 2012 · 3 comments


None yet

2 participants


(V 1.1.0, Clojure 1.3)

Here's a minimal failing test case:

(percent-decode "%24")


(percent-decode (percent-encode "$"))

And here's a monkey patch to demonstrate a fix:

(with-redefs [ring.util.codec/double-escape (ƒ [x] (.replace (.replace x "\\" "\\\\") "$" "\\$"))  ] (percent-decode "%24"))

Exception from calling url-decode:

Exception in thread "main" java.lang.StringIndexOutOfBoundsException: String index out of range: 3
at java.lang.String.charAt(String.java:686)
at java.util.regex.Matcher.appendReplacement(Matcher.java:711)
at clojure.string$replace_by.invoke(string.clj:58)
at clojure.string$replace.invoke(string.clj:82)
at ring.util.codec$percent_decode.doInvoke(codec.clj:31)
at clojure.lang.RestFn.invoke(RestFn.java:423)
at ring.util.codec$url_decode.doInvoke(codec.clj:51)
at clojure.lang.RestFn.invoke(RestFn.java:410)

Thanks to Chris Hapgood with whom I worked to figure this out.


You can show this bug in the tests by adding

(is (= (percent-decode "%24") "$"))

to deftest test-percent-decode in ring.util.test.codec in ring-core.

Working on a patch now.


Applied patch. Thanks for the fix!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment