Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [servlet-dev] Clarification per #18 - draft for review

The text makes it seem more of a URI _Path_ Canonicalization.

First thing that jumps out at me is the do not decode `%2F` and `%2C` lines.
Did you mean `%2C` (comma ",")?
Perhaps you meant `%25` (percent symbol "%")

Also what about a unicode sequence that ends in those two?
What about someone that wants to access a resource (on the filesytem or in a META-INF/resources) that has `/path;of/some;thing/like;this/main.css`?  The only way to access that is using encoded %3B, right?
Now what if it's stored on disk (or META-INF/resources) like `/path%3Bof/some%3Bthing/like%3Bthis/main.css`? That would mean accessing it with `%253B` encoded percent then "3B", right? (have to be careful of double-decode here, as usual)
Why only `%2F` (forward slash "/") and not also `%5C` (backslash "\")?  Seems like that has multiple meanings too. (windows pathsep, escaping, etc)
The META-INF/resources layer in JAR files makes things ambiguous here too. (you can create a JAR file with backslash character in the filename on Linux, but cannot access it on Windows, and vice-versa with the forward slash character).

On Fri, Oct 1, 2021 at 5:59 AM Mark Thomas <markt@xxxxxxxxxx> wrote:
Hi all,

The draft of the proposed clarification for URI canonicalization is on
the wiki:

Feedback welcome.

servlet-dev mailing list
To unsubscribe from this list, visit

Back to the top