cocoon-dev mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 27802] - EncodeURLTransformer encodes off site links
Date Sun, 28 Mar 2004 18:42:00 GMT
http://issues.apache.org/bugzilla/show_bug.cgi?id=27802

------- Additional Comments From gregw@mortbay.com  2004-03-28 18:41 -------
I'm not so sure this is a Jetty bug and that Tomcat is trying to do a
bit more than the spec is asking for.

The problem with not encoding "off site" links is how to work out what is
an offsite link!

If I'm serving a request to www.acme.com and there is a link to acme.com,
is that offsite? What about www.acme.com:80 and there is a 
link to www.acme.com:8080?

If the server tries to be clever and not encode what it thinks are 
offsite links, then how does the programmer who actually knows that it
is not offsite (or is sharing session IDs for SSO etc.) get the session
ID encoded?

I'm going to raise this with the expert panel to try and get a bit of
clarity.

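The ambiguity raised in the comment above can be made concrete with an added example (not part of the original message and not Cocoon, Jetty or Tomcat code): a link receives the session ID only when its normalised scheme, host and port match the request, or when the application has explicitly declared the target as sharing the session. The class name `SessionLinkPolicy`, the `mayEncode` method and the sample URLs are assumptions, and treating a differing host or port as off-site is this example's choice, not something the servlet spec mandates.

```java
import java.net.URI;
import java.util.Set;

// Hypothetical helper: decides whether a link may carry the session ID.
public class SessionLinkPolicy {
    private final URI request;         // URL of the request being served
    private final Set<String> shared;  // origins the application declares as sharing the session

    public SessionLinkPolicy(String requestUrl, Set<String> sharedOrigins) {
        this.request = URI.create(requestUrl);
        this.shared = sharedOrigins;
    }

    // Normalise to scheme://host:port, filling in the default port.
    static String origin(URI u) {
        String scheme = u.getScheme().toLowerCase();
        int port = u.getPort();
        if (port == -1) port = scheme.equals("https") ? 443 : 80;
        return scheme + "://" + u.getHost().toLowerCase() + ":" + port;
    }

    public boolean mayEncode(String link) {
        URI target;
        try {
            target = request.resolve(link);  // relative links resolve against the request URL
        } catch (IllegalArgumentException e) {
            return false;                    // unparseable link: never attach the session ID
        }
        if (target.getScheme() == null || target.getHost() == null) {
            return false;                    // mailto: and similar links have no host
        }
        String o = origin(target);
        return o.equals(origin(request)) || shared.contains(o);
    }

    public static void main(String[] args) {
        // Constructed sample: the application declares acme.com as sharing the session.
        SessionLinkPolicy policy = new SessionLinkPolicy(
                "http://www.acme.com/app/page", Set.of("http://acme.com:80"));
        String[] links = {
            "next.html", "http://www.acme.com:80/a", "http://www.acme.com:8080/a",
            "http://acme.com/a", "http://other.example/a", "mailto:someone@acme.com"
        };
        for (String link : links) {
            System.out.println(link + " -> " + (policy.mayEncode(link) ? "encode" : "leave as is"));
        }
    }
}
```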