Skip to Main Content
Feature Request FR-4752
Product Area Page Components
Status CLOSED

4 Voters

Avoid Sending Encoded JSON Data -Curly Braces (%7B, %7D)- in GET Requests for Report Downloads

balu.kolla Public · Dec 18 2025

Idea Summary
Oracle APEX should avoid sending JSON data containing curly braces ({}, encoded as %7B and %7D) in GET requests, particularly for report download functionality. These characters are not URL-safe and are commonly blocked by web servers, proxies, or security filters due to their potential use in injection attacks or malformed requests.

Use Case
Reports download options such as Excel and HTML. For Ex, Browsers use the following URL format to download reports data in excel.

https://xx.xx.xxx.xx/xxx/wwv_flow.ajax?p_flow_id=100&p_flow_step_id=700&p_instance=13608134092192&p_debug=&p_json=%7B%22regions%22%3A%5B%7B%22id%22%3A%2237835467738870288%22%2C%22reportId%22%3A%22108685872188518734%22%2C%22ajaxIdentifier%22%3A%22UkVHSU9OIFRZUEV-fjM3ODM1NDY3NzM4ODcwMjg4%2FaT4VU90zQvA1v2xHbbOv-A3X8Km59JEM1gkpE0sDN5DFfqXhsDMAxMLbcKMSo92MktRW5_C3e5skMWqPTrQPXg%22%2C%22downloadFileId%22%3A%2274322660870837127%22%7D%5D%2C%22salt%22%3A%2265830388788623794348841590794484694357%22%7D&p_context=135:700:13608134092192

We reviewed this idea carefully, and while it was interesting, we concluded that due to all the internal implications we need to take into account, it is unlikely to make its way into APEX.