I believe ticket
UNDERTOW-2312 has has caused a regression my users have reported. When they are using the
ALLOW_UNESCAPED_CHARACTERS_IN_URL setting, Undertow has now started DOUBLE decoding query parameters. That means a URL such as:
localhost?id=foo%2Bbarwhich used to correctly result in a query parameter value of
foo+barnow incorrectly creates a query parameter value of
foo barNote the
%2B is now double-decoded into a space instead of being single-decoded into a plus sign. I also don't understand why this setting would even affect decoding, as it's supposed to just be for allowing unescaped chars in the URL. It shouldn't be causing anything to be decoded at all. Any feedback on this?
Thanks!
~Brad