[API Policies] Prompt Template Policy Issue

## Overview

Double URL decoding vulnerability in query parameter processing leads to incorrect parameter values and malformed prompts.

---

## Issue Details

### Double URL Decoding of Query Parameters

**File:** `prompttemplate.go` (lines 186-202)

**Description:**
The code performs double URL decoding on query parameter values. The `url.ParseQuery` function already returns URL-decoded values, but the code then calls `url.QueryUnescape` on `values[0]`, causing incorrect double-decoding.

**Example:**
```
Original: %2520 (URL-encoded %20)
ParseQuery: %20 (first decode)
QueryUnescape: (space character) (second decode - INCORRECT)
```

**Proposed Fix:**
Remove the `url.QueryUnescape` call since `url.ParseQuery` already handles decoding.

**Impact:**
Template parameters will have incorrect values, leading to malformed prompts and potential security issues.

## Reference
- https://github.com/wso2/gateway-controllers/pull/1#:~:text=%F0%9F%9F%A0%20Major%20comments%20(20,1%2D13%20(1)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[API Policies] Prompt Template Policy Issue #695

Overview

Issue Details

Double URL Decoding of Query Parameters

Reference

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[API Policies] Prompt Template Policy Issue #695

Description

Overview

Issue Details

Double URL Decoding of Query Parameters

Reference

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions