UriTemplate reserved expansion should not escape reserved characters

[cHengstler]

UriTemplate.expand should not escape reserved characters in values for reserved expansion (e.g., templates of the form "{+var}").

According to section of 3.2.3 Reserved Expansion: {+var}, reserved character should not be escaped.
Level 2 templates add the plus ("+") operator, for expansion of values that are allowed to include reserved URI characters (Section 1.5).

Example code:

    @Test
    public void testExpandTemplates_reservedExpansion_shouldNotEscapeReservedCharSet() {

        var genDelims = ":/?#[]@";
        var subDelims = "!$&'()*+,;=";
        var reservedSet = genDelims+subDelims;

        var requestMap = Map.of("var", reservedSet);

        assertThat(UriTemplate.expand("{+var}", requestMap, false), is(reservedSet));

        // Expected: is ":/?#[]@!$&'()*+,;="
        //     but: was ":/?%23%5B%5D@!$&'()*+,;="
        
    }

[suztomo]

@cHengstler Do you observe problems when you use Google services due to this bug? If so, would you write some code that we can reproduce the problem?

[cHengstler]

@suztomo, Thanks for your reply.

To reproducte the bug, I've already provided a test case in the description of this issue.
Allow me to add another example with a more realistic case

Lets say I define a url template https://www.example.com/{+resourceWithFragment}.
The resourceWithFragment literal can contain a fragment like page.html#section1.

The expectation would be that the UriTemplate.expand method produces a valid URL where the fragment is not encoded. This is indicated by the + operator (reserved expansion) according to RFC6570.

Unfortunately the result is: https://www.example.com/page.html%23section1 which does not work in browsers as expected.

    public String expandTemplate() {

        String template = "https://www.example.com/{+resourceWithFragment}";
        Map requestMap = Map.of("resourceWithFragment", "page.html#section1");

        return UriTemplate.expand(template, requestMap, false);
    }

[suztomo]

The priority of the bug depends on how much suffer from it when using a real Google service rather than test cases. Which Google service do you have problem with?

[cHengstler]

We are using this component directly within our project as a maven dependency.

[suztomo]

It's good that you're not suffering from problem with Google service. We may revisit this issue in future.

[cHengstler]

Hi @suztomo
I could contribute with an PR to solve the issue.
Would that speed up the process?

Thanks
Christian

[suztomo]

Yes, that's helpful. That would clarify the change you have mind.

https://github.com/googleapis/google-http-java-client/blob/main/CONTRIBUTING.md

[cHengstler]

Hi @suztomo,

is there any chance to consider the PR #1844

Thanks & best regards
Christian

[suztomo]

I havent’t checked that pull request yet. Thank you for heads up.

[suztomo]

I merged #1844. We may have other tasks to include next release. Give me 1 week.

[cHengstler]

I merged #1844. We may have other tasks to include next release. Give me 1 week.

That's great, thanks @suztomo.

[suztomo]

@cHengstler Your change was released as 1.43.2 https://central.sonatype.com/artifact/com.google.http-client/google-http-client/1.43.2 Thank you for contribution.