@FormParam truncated for embedded ' in content Apache Wink

Question

I admit we are doing something silly by using a url encoded form to send an XML document in a single variable (linefeeds converted to spaces, and content escaped), but this is to accommodate a client that can only send form data.

When one of the strings in the escaped XML content contained an apostrophe

&apos;

the parsing of the request body stops and does not return the remainder of the variable. Of course, this creates a problem because the XML document we retrieve is incomplete.

What is the proper way to pass an apostrophe in a form parameter when the receiver is using the Apache Wink JAX-RS libraries?

A line like this:

        <decisionspace  title="Traffic Study" details="Discuss the Rivertowns Square projects impact on traffic" />

works fine, but a line like this:

        <decisionspace  title="Traffic Study" details="Discuss the Rivertowns Square project&apos;s impact on traffic" />

is truncated after "Square project"

The characters being escaped are:

"&" becomes "&amp;"
"\"" (double quote) becomes "&quot;"
"'" (single quote) becomes "&apos;"
"<" becomes "&lt;"
">" becomes "&gt;"
bytes < 0x20 or > 0x7f" become "&#nnn;"

Nathaniel Mills · Answer 1 · 2012-06-19T16:44:11.303

After doing some more digging, it appears that the form parameters are stored in a MultivaluedMap (formParameters) and, the ampersand was interpreted as a value separator (as in a query string) so the call to formParameters.get(getName()) only returns up to that position (displaying the formParameter value shows the mulitple values separated by commas in the toString()). I suspect when the request body was interpreted to fill the formParameter map, it parsed the value as a query string and separating the content at each ampersand.

I'm certain with a different escape mechanism so the ampersand is a %26 or something so it takes the entire line as a single string that I'll be all set.

I guess it all depends on the perspective of the parser in any given context and for form params it is thinking query string formatting (of course).

In retrospect, the MediaType application/x-www-form-urlencoded should have provided the clue... — Nathaniel Mills, Jun 19 '12 at 16:50
Using URLEncoder.encode(requestValue,"UTF-8") at the client, and URLDecoder.decode(formParamValue,"UTF-8") at the server did the trick. — Nathaniel Mills, Jun 19 '12 at 19:01

score 0 · Answer 2 · answered Jun 19 '12 at 17:04

0

Form parameters are separated using &. You should escape the content in the same way you do it for URLs and not for XML/HTML.

answered Jun 19 '12 at 17:04

Tarlog

10,024
2
43
67

@FormParam truncated for embedded ' in content Apache Wink

2 Answers2