diff options
author | Jon Marius Venstad <jonmv@gmail.com> | 2022-04-06 13:13:33 +0200 |
---|---|---|
committer | Jon Marius Venstad <jonmv@gmail.com> | 2022-04-06 13:13:33 +0200 |
commit | 04ed009f4c08daf8d0ce0ac4380d96da1bfe4192 (patch) | |
tree | d67dd118c49c7469c509415fa3779d8972e50fe5 /container-core/src/main/java/com/yahoo/restapi | |
parent | 51535b82b7b6e7516144980d424410615a026037 (diff) |
Disallow ? and # as well, in default path segment validator
Diffstat (limited to 'container-core/src/main/java/com/yahoo/restapi')
-rw-r--r-- | container-core/src/main/java/com/yahoo/restapi/HttpURL.java | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/container-core/src/main/java/com/yahoo/restapi/HttpURL.java b/container-core/src/main/java/com/yahoo/restapi/HttpURL.java index c4cc575940d..9705b6f0e40 100644 --- a/container-core/src/main/java/com/yahoo/restapi/HttpURL.java +++ b/container-core/src/main/java/com/yahoo/restapi/HttpURL.java @@ -150,10 +150,12 @@ public class HttpURL { } } - /** Require that the given string (possibly decoded multiple times) contains no {@code '/'}, and isn't either of {@code "", ".", ".."}. */ + /** Require that the given string (possibly decoded multiple times) contains none of {@code '/', '?', '#'}, and isn't either of {@code "", ".", ".."}. */ public static String requirePathSegment(String value) { while ( ! value.equals(value = decode(value, UTF_8))); require( ! value.contains("/"), value, "path segment decoded cannot contain '/'"); + require( ! value.contains("?"), value, "path segment decoded cannot contain '?'"); + require( ! value.contains("#"), value, "path segment decoded cannot contain '#'"); return Path.requireNonNormalizable(value); } @@ -171,9 +173,9 @@ public class HttpURL { this.validator = requireNonNull(validator); } - /** Creates a new, empty path, with a trailing slash. */ + /** Creates a new, empty path, with a trailing slash, using {@link HttpURL#requirePathSegment} for segment validation. */ public static Path empty() { - return empty(__ -> { }); + return empty(HttpURL::requirePathSegment); } /** Creates a new, empty path, with a trailing slash, using the indicated validator for segments. */ |