Template URI Variables with newline %0A or %0D are not matched #23252
Labels
in: core
Issues in core modules (aop, beans, core, context, expression)
in: web
Issues in web modules (web, webmvc, webflux, websocket)
type: enhancement
A general enhancement
Milestone
Affects: 5.1.8.RELEASE
The
AntPathMatcher
does not match strings containing newlines\n
or\r
when encoded as%0A
or%0D
for template URI variables. This is due to AntPathMatcher using defaulting matching regex of(.*)
, which matches all characters except newline characters.For instance the controller (using spring boot):
Would match
but
would return HTTP 404 Not Found with no context on the error with no opportunity to give a more helpful error message. Specifically from the default
ErrorController
:This can be worked around by manually specify a DOTALL modifier flag in every path param.
E.g.
But I think it would make sense if the
AntPathMatcher
did this by default, and I consider it a bug as normal path matching behavior, outside of template variables, would happily match newline or carriage returns.The text was updated successfully, but these errors were encountered: