Affects: master
I'm trying to load a resource with path resolved to:
- path: file:../../web/node_modules/@fortawesome/fontawesome-free/css/all.css
- encoded resource url: file:../../web/node_modules/%40fortawesome/fontawesome-free/css/all.css
The resource exists and is readable.
I have configured spring.web.resources.static-locations=file:../../web/
During validation, PathResourceResolver checks if isInvalidEncodedPath by checking if it contains encoded .. or ../.
This check fails, even if my resource doesn't contain those encoded strings, leading to resource not found.
The following check is bad, because my path contains ../ in encoded form, so it will still contain ../ when decoded:
https://github.com/spring-projects/spring-framework/blob/fed1a426b6bcb78abeefdbef62077af75e52713c/spring-webmvc/src/main/java/org/springframework/web/servlet/resource/PathResourceResolver.java#L298-L301
Comment From: cdalexndr
This issue is not reproductible with resources inside jar. Only in my dev env, where I load resources directly from file path.
Comment From: Nidhi-Tanwar14
Can you try using a workaround by skipping the validation check for the special cases i.e. resources with special char using a custom resourceresolver
Comment From: snicoll
This issue is not reproductible with resources inside jar.
I am not sure I got that. That shouldn't have ../ surely so I wonder how that's relevant. Can you share a small sample that we can run ourselves to reproduce the behavior you've described? You can attach a zip to this issue or push the code to a separate GitHub repository. Thank you.
Comment From: spring-projects-issues
If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.
Comment From: spring-projects-issues
Closing due to lack of requested feedback. If you would like us to look at this issue, please provide the requested information and we will re-open the issue.