static {
try {
HTTP = "HTTP/1.".getBytes("ASCII");
HTTP_LENGTH = HTTP.length;
} catch (UnsupportedEncodingException e) {
throw new RuntimeException(e);
}
for(int i = 0; i < 256; ++i) {
if(i < 32 || i > 126) {
ALLOWED_TARGET_CHARACTER[i] = false;
} else {
switch ((char)i) {
case '\"':
case '#':
case '<':
case '>':
case '\\':
case '^':
case '`':
case '{':
case '|':
case '}':
ALLOWED_TARGET_CHARACTER[i] = false;
break;
default:
ALLOWED_TARGET_CHARACTER[i] = true;
}
}
}
}
public static boolean isTargetCharacterAllowed(char c) {
return ALLOWED_TARGET_CHARACTER[c];
}
public static final Option<Boolean> ALLOW_UNESCAPED_CHARACTERS_IN_URL = Option.simple(UndertowOptions.class,"ALLOW_UNESCAPED_CHARACTERS_IN_URL", Boolean.class);
HttpRequestParser.java
if(!allowUnescapedCharactersInUrl && !ALLOWED_TARGET_CHARACTER[next]) {
throw new BadRequestException(UndertowMessages.MESSAGES.invalidCharacterInRequestTarget(next));
}
when http://localhost:3000/some?jn={zhege:12,name:%22feng%22} private static final String BAD_REQUEST = "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\n\r\n";
HttpRequestParser.java if(!allowUnescapedCharactersInUrl && !ALLOWED_TARGET_CHARACTER[next]) { throw new BadRequestException(UndertowMessages.MESSAGES.invalidCharacterInRequestTarget(next)); }