CODEWITHSUNDEEP
xpathxqueryexist-db
jbrehr
jbrehr

Reputation: 815

XQuery decoding HTTP request - unable to parse query

In XQuery 3.1 (under eXist-db 4.4) I receive search requests to the a controller where I create a parameter docset from the URL's query string text:

else if (starts-with(lower-case($exist:path), "/search")) then
  <dispatch xmlns="http://exist.sourceforge.net/NS/exist">
    <forward url="{$exist:controller}/search.html"/>
      <view>
        <forward url="{$exist:controller}/modules/view.xql">
          <add-parameter name="docset" 
                  value="{search:search-term-cleaner(request:get-parameter("text","norequest"))}"/> 
          <add-parameter name="pagetype" value="search"/>
        </forward>
      </view>
  </dispatch>

I clean any incoming such requests to /search?text="" to permit only certain characters into the search query:

declare function search:search-term-cleaner($text as xs:string?) as xs:string?
{
    let $cleanterm := replace($text,'[^A-Za-z\+*0-9]', '')

    return $cleanterm
};

There are two problems, under two slightly different scenarios:

  1. If the request comes in /search?text=some%+text the site complains with

org.eclipse.jetty.http.BadMessageException: 400: Unable to parse URI query java.lang.IllegalArgumentException: Not valid encoding '%+t'

  1. If the request comes in /search?text=some+text, the controller passes through sometext without the permitted + sign

Googling this has not lead me to a solution, but I am not experienced in managing HTTP parsing and may not understand the problem enough to search for the solution.

This is via local host http://localhost:8081/exist/apps/.

Upvotes: 1

Views: 1376

Answers (2)

Joe Wicentowski
Joe Wicentowski

Reputation: 5294

When getting parameters via request:get-parameter() you don’t need to unescape parameters that are URI-encoded. %20 and + are automatically handed to you as space characters.

Upvotes: 1

duncdrum
duncdrum

Reputation: 733

functions such as util:unescape-uri and escape-uri are your friends. Since the string you are working with gets send over http it will undergo escaping. You can find out more about available escaping functions by searching for escape in the function documentation

for more elaborate operations consider normalize-unicode

Upvotes: 1

Related Questions