Reputation: 9241
Do colons require encoding in URI query parameters?
I've noticed that Java's UriBuilder isn't encoding the : characters included in my query parameter values (ISO 8601-formatted strings).
According to Wikipedia, it seems colon should be encoded.
In particular, encoding the query string uses the following rules:
- Letters (A-Z and a-z), numbers (0-9) and the characters '.','-','~' and '_' are left as-is
- SPACE is encoded as '+' or %20[citation needed]
- All other characters are encoded as %FF hex representation with any non-ASCII characters first encoded as UTF-8 (or other specified encoding)
So, what's the deal? Should colons in query parameters be encoded or not?
Update:
I looked up the URI Syntax spec (RFC 3986) and it looks like encoding colons in query params really isn't necessary. Here's an excerpt from the ABNF for URI:
URI = scheme ":" hier-part [ "?" query ] [ "#" fragment ]
query = *( pchar / "/" / "?" )
pchar = unreserved / pct-encoded / sub-delims / ":" / "@"
unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~"
pct-encoded = "%" HEXDIG HEXDIG
sub-delims = "!" / "$" / "&" / "'" / "(" / ")" / "*" / "+" / "," / ";" / "=
Upvotes: 32
Views: 25151
Answers (2)
Reputation: 6739
There's no UriBuilder in the Java SDK, it is defined by JAX-RS. It's documentation states query parameters should be URL encoded, other components are encoded using RFC 3986.
Builder methods perform contextual encoding of characters not permitted in the corresponding URI component following the rules of the
application/x-www-form-urlencodedmedia type for query parameters and RFC 3986 for all other components
However, the Jersey implementation of JAX-RS doesn't play by this spec, and encodes everything according to RFC 3986. It is a bug, see the JIRA ticket.
Upvotes: 5
Reputation: 10685
Yes, they should be encoded in a query string. The correct encoding is %3A
However, I can understand why UriBuilder isn't encoding :. You don't want to encode the colon after the protocol (eg http:) or between the username and password (eg ftp://username:[email protected]) in an absolute URI.
Upvotes: 12
Related Questions
- Are colons allowed in URLs?
- Should I url encode a query string parameter that's a URL?
- Which parts of a URL must be encoded?
- HTTP URL - allowed characters in parameter names
- Passing special character as part of URI parameter
- Should I encode names of parameters in a query string of a URI?
- System.Uri and encoded colon (:)
- Is there a spec for nested urlencoded params[]?
- URIencode and colon
- Is encoding of the query string needed?