0

I have created a RestResource API class with GET method. It is supposed to accept the email passed as an input via the query string, and perform logic based on that email received.

It all worked fine until I received an input that consists of special character '+' in the email.

Email passed as query string: test@[email protected]

Email showing in debug logs: test@test [email protected]

And because of that the entire flow breaks down and the desired result is not obtained.

Can anyone please suggest what could be done to resolve this issue?

1
  • 1
    Passing emails in via a query string sounds like the seeds of a data breach waiting to happen. If you're planning on making this public, you should carefully consider the security implications (e.g. this API you're making could expose the fact that certain email addresses are either used or not used). Knowing that [email protected] is not available means that's one less piece of information an attacker needs to guess (and is a driving reason behind why login pages tend not to tell you that the email is wrong, but rather that "the email or password is wrong"). Commented Jul 28, 2021 at 14:09

1 Answer

4

+ is a "reserved character" in URLs; it represents a space character. Also, @ is a reserved character. To pass in a literal +, use %2B, and for @, use %40, as in:

test%40test%2B14%40gmail.com

There are other characters you need to look out for, too. See Percent Encoding for more details.

Also, generally speaking, any Unicode character that doesn't fit in a single byte also needs to be encoded with percent encoding as well.
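The round trip described in the answer above, as an added example that is not part of the original answer: Python's standard `urllib.parse` stands in for both the caller and a form-style query parser that turns `+` into a space, which is the behaviour the question's debug log shows. The address, the host and the `lookup` path are constructed placeholders, and the whitespace check is one assumed way for the receiving side to detect a value that arrived unencoded.

```python
from urllib.parse import parse_qs, quote, urlsplit

# Constructed sample values (placeholders, not taken from the original post).
EMAIL = "first.last+tag@example.com"
BASE = "https://example.invalid/services/apexrest/lookup"  # hypothetical endpoint


def naive_url(email: str) -> str:
    """Plain string concatenation: reserved characters are sent unescaped."""
    return f"{BASE}?email={email}"


def encoded_url(email: str) -> str:
    """Percent-encode the value: '+' becomes %2B and '@' becomes %40."""
    return f"{BASE}?email={quote(email, safe='')}"


def server_sees(url: str) -> str:
    """Decode the 'email' parameter as a form-style parser does ('+' -> space)."""
    query = urlsplit(url).query
    return parse_qs(query, keep_blank_values=True)["email"][0]


def looks_mangled(value: str) -> bool:
    """Receiving-side guard: whitespace in an email parameter usually means
    the caller sent a literal '+' instead of %2B, so reject it early."""
    return any(ch.isspace() for ch in value)


if __name__ == "__main__":
    for build in (naive_url, encoded_url):
        url = build(EMAIL)
        seen = server_sees(url)
        print(f"{build.__name__}: {url}")
        print(f"  server sees {seen!r}, mangled={looks_mangled(seen)}")
```

Rejecting the mangled value with a clear error is safer than silently replacing the space with `+`, because a space can also come from a genuinely malformed address.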
