From 485cac87ff4f9790c8a82083a2afee50aedc70ed Mon Sep 17 00:00:00 2001 From: dxbjavid Date: Wed, 3 Jun 2026 11:34:44 +0530 Subject: [PATCH] return null for malformed input in UrlDecoderStringLookup --- .../apache/commons/text/lookup/UrlDecoderStringLookup.java | 3 +++ .../commons/text/lookup/UrlDecoderStringLookupTest.java | 6 ++++++ 2 files changed, 9 insertions(+) diff --git a/src/main/java/org/apache/commons/text/lookup/UrlDecoderStringLookup.java b/src/main/java/org/apache/commons/text/lookup/UrlDecoderStringLookup.java index 0aabf06b8e..807a07ce2d 100644 --- a/src/main/java/org/apache/commons/text/lookup/UrlDecoderStringLookup.java +++ b/src/main/java/org/apache/commons/text/lookup/UrlDecoderStringLookup.java @@ -58,6 +58,9 @@ public String lookup(final String key) { final String enc = StandardCharsets.UTF_8.name(); try { return decode(key, enc); + } catch (final IllegalArgumentException e) { + // Malformed input such as an incomplete "%" escape; squelch and return null like the other lookups. + return null; } catch (final UnsupportedEncodingException e) { // Can't happen since UTF-8 is required by the Java specification. throw IllegalArgumentExceptions.format(e, "%s: source=%s, encoding=%s", e, key, enc); diff --git a/src/test/java/org/apache/commons/text/lookup/UrlDecoderStringLookupTest.java b/src/test/java/org/apache/commons/text/lookup/UrlDecoderStringLookupTest.java index a6b218b80a..a53366ca79 100644 --- a/src/test/java/org/apache/commons/text/lookup/UrlDecoderStringLookupTest.java +++ b/src/test/java/org/apache/commons/text/lookup/UrlDecoderStringLookupTest.java @@ -54,6 +54,12 @@ void testExclamation() { assertEquals(DATA, UrlDecoderStringLookup.INSTANCE.apply("Hello%20World!")); } + @Test + void testMalformedEscapeReturnsNull() { + assertNull(UrlDecoderStringLookup.INSTANCE.apply("%")); + assertNull(UrlDecoderStringLookup.INSTANCE.apply("%E0%")); + } + @Test void testNull() { assertNull(UrlDecoderStringLookup.INSTANCE.apply(null));