What steps will reproduce the problem?
see sample code
String orig = "http://abc.com?custno=75&product=ANLYZR1";
String esapiDecode = ESAPI.encoder().decodeFromURL(orig);
System.out.println("ESAPI decode 2: " + esapiDecode);
What is the expected output? What do you see instead?
I expect the same url as the orig url to be presented .. Instead i see the
following ESAPI decode 2: http://abc.com?custno=75?uct=ANLYZR1
notice the @prod got dropped and became ?uct
What version of the product are you using? On what operating system?
2.0.1
Does this issue affect only a specified browser or set of browsers?
All browsers affected
Please provide any additional information below.
What I have found if i change the product to pr8duct and i get the result as
&pr8duct
I have narrowed it down to the Cannonilize method and especially the
percentcodec
Original issue reported on code.google.com by vansu...@gmail.com on 10 Jun 2013 at 12:07
Original issue reported on code.google.com by
vansu...@gmail.comon 10 Jun 2013 at 12:07