return null for malformed input in UrlDecoderStringLookup #749
Conversation
This needs further study since all the lookups in this package might handle certain exceptions inconsistently while others should propagate exceptions (and already do).
had a proper read through the package before replying. on bad input the lookups split into two camps:
urlDecoder belongs in the first camp next to its closest sibling base64Decoder, which already returns null on malformed input. at the moment it's the odd one out: it handles the UnsupportedEncodingException path but lets URLDecoder.decode's IllegalArgumentException on a bad percent-escape (${urlDecoder:%}) propagate straight out of StringSubstitutor.replace, whereas ${base64Decoder:!} just resolves to nothing. the patch only brings urlDecoder in line with that, so nothing in the propagate camp changes. i also checked urlEncoder for symmetry, but URLEncoder.encode doesn't throw IllegalArgumentException on arbitrary input so it doesn't need the same guard.
UrlDecoderStringLookup.lookup only catches UnsupportedEncodingException, so a malformed percent-escape like ${urlDecoder:%} lets URLDecoder.decode throw IllegalArgumentException straight out of StringSubstitutor.replace on the default interpolator. The sibling decoder lookups already swallow that: FunctionStringLookup catches IllegalArgumentException and returns null, so ${base64Decoder:!} just resolves to nothing. Catch it here too and return null so malformed untrusted input decodes consistently.
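A stand-alone illustration of the behaviour the PR describes, added here as an example and not taken from the commons-text code base: `lookupBefore` mirrors a lookup that only catches `UnsupportedEncodingException`, `lookupAfter` mirrors the fix, and both are driven directly with `java.net.URLDecoder` rather than through `StringSubstitutor`. The class and method names are constructed for the demo.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;

// Constructed stand-in for the lookup that backs ${urlDecoder:...}.
public class UrlDecodeDemo {

    // Before the fix: only the checked UnsupportedEncodingException is handled,
    // so a bad percent-escape lets URLDecoder.decode's IllegalArgumentException escape.
    static String lookupBefore(String key) {
        if (key == null) {
            return null;
        }
        try {
            return URLDecoder.decode(key, StandardCharsets.UTF_8.name());
        } catch (UnsupportedEncodingException e) {
            return null; // unreachable for UTF-8, but the checked exception must be caught
        }
    }

    // After the fix: malformed input resolves to null, as base64Decoder already does.
    static String lookupAfter(String key) {
        if (key == null) {
            return null;
        }
        try {
            return URLDecoder.decode(key, StandardCharsets.UTF_8.name());
        } catch (UnsupportedEncodingException | IllegalArgumentException e) {
            return null;
        }
    }

    public static void main(String[] args) {
        String[] inputs = { "a%20b", "%", "%zz", "100%" }; // constructed sample values
        for (String in : inputs) {
            System.out.println("after : " + in + " -> " + lookupAfter(in));
        }
        for (String in : inputs) {
            try {
                System.out.println("before: " + in + " -> " + lookupBefore(in));
            } catch (IllegalArgumentException e) {
                System.out.println("before: " + in + " -> threw " + e.getClass().getSimpleName());
            }
        }
    }
}
```

Run with `java UrlDecodeDemo.java` (JDK 11+): the three malformed inputs print `null` in the "after" loop and `threw IllegalArgumentException` in the "before" loop, which is the exception that would otherwise surface from `StringSubstitutor.replace` when the template value is untrusted.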