Sanitize request fragment in ResourceUrlEncodingFilter

Prior to this change, ResourceUrlEncodingFilter would try to resolve
the resource path using request URL without removing fragment first,
whereas only paths should be used.

This commit synchronizes behavior of ResourceUrlEncodingFilter with
behavior of ResourceUrlProvider.

Issue: SPR-17535
This commit is contained in:
Ondrej Kraus
2018-11-23 18:34:37 +01:00
committed by Rossen Stoyanchev
parent 82eb82a040
commit 959cf61647
2 changed files with 38 additions and 4 deletions

View File

@@ -173,4 +173,30 @@ public class ResourceUrlEncodingFilterTests {
});
}
@Test // SPR-17535
public void encodeURLWitFragment() throws Exception {
MockHttpServletRequest request = new MockHttpServletRequest("GET", "/foo");
request.setContextPath("/");
MockHttpServletResponse response = new MockHttpServletResponse();
this.filter.doFilter(request, response, (req, res) -> {
req.setAttribute(ResourceUrlProviderExposingInterceptor.RESOURCE_URL_PROVIDER_ATTR, this.urlProvider);
String result = ((HttpServletResponse) res).encodeURL("/resources/bar.css#something");
assertEquals("/resources/bar-11e16cf79faee7ac698c805cf28248d2.css#something", result);
});
}
@Test // SPR-13374 and SPR-17535 combined
public void encodeURLWitFragmentAndRequestParams() throws Exception {
MockHttpServletRequest request = new MockHttpServletRequest("GET", "/foo");
request.setContextPath("/");
MockHttpServletResponse response = new MockHttpServletResponse();
this.filter.doFilter(request, response, (req, res) -> {
req.setAttribute(ResourceUrlProviderExposingInterceptor.RESOURCE_URL_PROVIDER_ATTR, this.urlProvider);
String result = ((HttpServletResponse) res).encodeURL("/resources/bar.css?foo=bar&url=http://example.org#something");
assertEquals("/resources/bar-11e16cf79faee7ac698c805cf28248d2.css?foo=bar&url=http://example.org#something", result);
});
}
}