[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [servlet-dev] Spec section 3.5.2 item 8
|
On 07/11/2024 23:14, Greg Wilkins wrote:
Greg,
Mark,
You are right, but I think the wording is a bit complex and hides a
slightly inconsistent outcome. Clause 8 says:
... If a segment contains the "/" or "%" characters, and the
container is configured to not reject the request for containing an
encoded "/", then the container should re-encode those characters to
the %nn form. If any characters are re-encoded, then the "%" must
also be re-encoded.
I read this so that if the container is configured to reject the request
for containing and encoded "/" then the container should re-encode and
the result should be "/foo/b%25r", otherwise it should not and the
result will be "/foo/b%r".
I agree the wording could be clearer. I also agree that your
interpretation (that re-encoding is always required if encoded "/" is
allowed) is correct.
So the result returned is different depending on a configuration that is
kind of orthogonal to this URI.... but I can see why we re encode IFF a
segment may contain "/". Perhaps the text would be clearer as:
... If a segment contains the "/" or "%" characters, then the
container should re-encode those characters to the %nn form if and
only if the container is configured to not reject the request for
containing an encoded "/".
I like the direction this is heading in. I think we could be even
clearer with something like:
... If the container is configured not to reject URIs containing an
encoded "/" then all instances of "/" and "%" in the individual segments
must be %nn encoded before concatenating them.
Cheers,
Mark