Details
Description
When redirecting to a new url using org.eclipse.jetty.server.Response.sendRedirect(String)
the url string is encoded using ISO-8859-1 instead of UTF-8.
This leads to invalid urls being sent to the redirect target. If this is also a Jetty,
url parsing fails at Utf8StringBuilder:line 119 because of invalid utf-8 bytes.
The problem seems to be
BufferCache$CachedBuffer(ByteArrayBuffer).<init>(String) line: 73
where StringUtil.getBytes is used instead of the variant with proper UTF-8 encoding.
Here's the stack leading to that code:
BufferCache$CachedBuffer(ByteArrayBuffer).<init>(String) line: 73
BufferCache$CachedBuffer(ByteArrayBuffer$CaseInsensitive).<init>(String) line: 420
BufferCache$CachedBuffer.<init>(String, int) line: 120
HttpHeaderValues(BufferCache).lookup(String) line: 93
HttpFields.put(String, String) line: 575
Response.setHeader(String, String) line: 482
Response.sendRedirect(String) line: 443
To reproduce, redirect to a different url using
javax.servlet.http.HttpServletResponse.sendRedirect(String)
with the string containing special chars, such as umlauts (äöü)
or any other ISO-8859-1 character above 127.
URLs cannot carry UTF-8 characters. They are, strictly speaking, in US-ASCII only.
URLs do however allow % encoding of non-US-ASCII, but it is only a convention that this is UTF-8.
So if you want to send UTF-8 characters, you need to convert them to % encoding yourself before calling sendRedirect.
If sendRedirect did the encoding, then somebody who passed in a correctly % encoded string would find their % double encoded.
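The caller-side conversion described in the reply above, as an added example that is not part of the original report or of Jetty's code: the hypothetical helper `toAsciiUrl` percent-encodes only non-US-ASCII characters as their UTF-8 bytes and copies ASCII, including existing %XX escapes, unchanged, so an already encoded URL is not double encoded. The class name, helper name and sample URL are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;

public class RedirectEncoding {
    private static final char[] HEX = "0123456789ABCDEF".toCharArray();

    /**
     * Hypothetical helper: returns a US-ASCII-only form of a redirect target.
     * Each non-ASCII code point is replaced by the %XX escapes of its UTF-8
     * bytes. ASCII characters are copied as-is, so existing %XX sequences
     * survive untouched. Reserved ASCII characters (space, quotes, ...) are
     * not handled here; this covers only the non-ASCII case from the report.
     */
    static String toAsciiUrl(String url) {
        StringBuilder out = new StringBuilder(url.length() + 16);
        for (int i = 0; i < url.length(); ) {
            int cp = url.codePointAt(i);
            int len = Character.charCount(cp); // 2 for surrogate pairs
            if (cp < 0x80) {
                out.append((char) cp);
            } else {
                byte[] utf8 = url.substring(i, i + len)
                                 .getBytes(StandardCharsets.UTF_8);
                for (byte b : utf8) {
                    out.append('%')
                       .append(HEX[(b >> 4) & 0xF])
                       .append(HEX[b & 0xF]);
                }
            }
            i += len;
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample: a path with umlauts plus one escape that is
        // already present (%20) and must not become %2520.
        String raw = "/suche/\u00e4\u00f6\u00fc%20seite?q=gr\u00fcn";
        String encoded = toAsciiUrl(raw);
        System.out.println(encoded);
        // Encoding the result again must leave it unchanged.
        System.out.println(toAsciiUrl(encoded).equals(encoded));
        // In a servlet: response.sendRedirect(toAsciiUrl(target));
    }
}
```

Because the output contains only bytes below 0x80, it is identical whether the container writes the header as ISO-8859-1 or UTF-8.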