Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [servlet-dev] Spec section 3.5.2 item 8

On 07/11/2024 23:14, Greg Wilkins wrote:

Greg,

Mark,

You are right, but I think the wording is a bit complex and hides a slightly inconsistent outcome.  Clause 8 says:

    ... If a segment contains the "/" or "%" characters, and the
    container is configured to not reject the request for containing an
    encoded "/", then the container should re-encode those characters to
    the %nn form. If any characters are re-encoded, then the "%" must
    also be re-encoded.


I read this so that if the container is configured to reject the request for containing and encoded "/" then the container should re-encode and the result should be "/foo/b%25r", otherwise it should not and the result will be "/foo/b%r".

I agree the wording could be clearer. I also agree that your interpretation (that re-encoding is always required if encoded "/" is allowed) is correct.

So the result returned is different depending on a configuration that is kind of orthogonal to this URI.... but I can see why we re encode IFF a segment may contain "/".   Perhaps the text would be clearer as:

    ... If a segment contains the "/" or "%" characters, then the
    container should re-encode those characters to the %nn form if and
    only if the container is configured to not reject the request for
    containing an encoded "/".

I like the direction this is heading in. I think we could be even clearer with something like:

... If the container is configured not to reject URIs containing an encoded "/" then all instances of "/" and "%" in the individual segments must be %nn encoded before concatenating them.

Cheers,

Mark



Back to the top