Cannot get '#' symbol in Controller using Spring @RequestParam

Question

I have the following request Url /search?charset=UTF-8&q=C%23C%2B%2B. My controller looks like

@RequestMapping(method = RequestMethod.GET, params = "q")
public String refineSearch(@RequestParam("q") final String searchQuery,....

and here i have searchQuery = 'CC++'. '#' is encoded in '%23' and '+' is '%2B'. Why searchQuery does not contain '#'?

searchQuery in debug

Answer 1

I resolved a similar problem by URL encoding the hash part. We have Spring web server and mix of JS and VueJS client. This fixed my problem:

const location = window.location;
const redirect = location.pathname + encodeURIComponent(location.hash);

Answer 2

Finally i found a problem.In filters chain ServletRequest is wrapped in XSSRequestWrapper with DefaultXSSValueTranslator and here is the method String stripXSS(String value) which iterates through pattern list,in case if value matches with pattern, method will delete it. Pattern list contains "\u0023" pattern and '#' will be replaced with ""

DefaultXSSValueTranslator.
    private String stripXSS(String value) {
        Pattern scriptPattern;
        if (value != null && value.length() > 0) {
            for(Iterator var3 = this.patterns.iterator(); var3.hasNext(); value = scriptPattern.matcher(value).replaceAll("")) {
                scriptPattern = (Pattern)var3.next();
            }
        }

        return value;
    }

Answer 3

The main cause is known as the "fragment identifier". You find more detail for Fragment Identifier right here. It says:

The fragment identifier introduced by a hash mark # is the optional last part of a URL for a document. It is typically used to identify a portion of that document.

When you write # sign, it contains info for clientbase. Put everything only the browser needs here. You can get this problem for all types of URI characters you can look Percent Encoding for this. In my opinion The simple solution is character replacing, you could try replace in serverbase.