Echo: Can't unescape multi byte path parameters

Created on 26 Apr 2018  ·  11Comments  ·  Source: labstack/echo

/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
/ / / / / / / / / / / / / / / / / /

Please use forum https://forum.labstack.com to ask questions!

/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
/ / / / / / / / / / / / / / / / / /

Issue Description

c.Params can't unescape when the parameter is a small case percent encoded string like %e3%81%93%e3%82%93%e3%81%ab%e3%81%a1%e3%82%8f
but it can unescape a big case like %E3%81%93%E3%82%93%E3%81%AB%E3%81%A1%E3%82%8F

With default template engine in Go escapes multi byte in href to small case percent encoded string automatically, so we can't get unescaped string.

The cause is here.
In the case of a small case, r.RawPath becomes /%e3%81%93%e3%82%93%e3%81%ab%e3%81%a1%e3%82%8f so we get a escaped parameter. but in the case of a big case, r.RawPath becomes empty so we get a unescaped parameter from r.Path
Example playground

Checklist

  • [x] Dependencies installed
  • [x] No typos
  • [x] Searched existing issues and docs

Expected behaviour

We can get a unescaped path parameter.

Actual behaviour

We can get a escaped path parameter.

Steps to reproduce

Passing small case percent encoded string as path parameter.

Working code to debug

package main

import (
    "net/http"

    "github.com/labstack/echo"
)

func main() {
    e := echo.New()
    e.GET("/:tag", func(c echo.Context) error {
        return c.String(http.StatusOK, c.Param("tag"))
    })
    e.Logger.Fatal(e.Start(":1323"))
}

Access to localhost:1312/%e3%81%93%e3%82%93%e3%81%ab%e3%81%a1%e3%82%8f and localhost:1323/%E3%81%93%E3%82%93%E3%81%AB%E3%81%A1%E3%82%8F
then we can get different responses %e3%81%93%e3%82%93%e3%81%ab%e3%81%a1%e3%82%8f and こんにちわ

Version/commit

f867058e3ba4fa4504e3ca976b31012db3ce1555

bug wontfix

All 11 comments

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

This should be fixed to normalize paths by framework-side. I think it's better to keep this issue open.

Yup, this looks like a bug. And I agree that the bug is the automatic unescape. Since this "thing" is marked as a parameter, the handler should receive the data exactly as is, it is not the job of the framework to interpret the data in behalf of the user.

Thoughts about this @vishr @im-kulikov ?

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

So which side should unescape a url, framework-side or user-side?

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

Hmm... it seems that there is no strong motivation to choose the design.

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

I notice that @bookun's PR #1242 was automatically closed by a bot recently. Is this bug "wontfix"? @vishr

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

danielbprice picture danielbprice  ·  23Comments

im-kulikov picture im-kulikov  ·  43Comments

andreiavrammsd picture andreiavrammsd  ·  32Comments

zzwx picture zzwx  ·  14Comments

mandeepbrar picture mandeepbrar  ·  22Comments