tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <Craig.McClana...@eng.sun.com>
Subject Re: cvs commit:jakarta-tomcat/src/examples/WEB-INF/classes/examples ShowSource.java
Date Sun, 10 Dec 2000 03:41:24 GMT
Jon Stevens wrote:

> on 12/9/2000 7:07 PM, "craigmcc@locus.apache.org"
> <craigmcc@locus.apache.org> wrote:
>
> > +            (jspFile.toUpperCase().indexOf("/WEB-INF/") != 0) ||
> > +            (jspFile.toUpperCase().indexOf("/META-INF/") != 0))
>
> Seems like it would be better to define this as a constant somewhere...
>
> public static final String WEB_INF = "/WEB-INF";
>

I suppose, although there's only one place within the core servlet container
that these directories are significant (in the module that handles static
resources), so a constant would only be used once.

In the case at hand, this is an *application* level component (the ShowSource
custom tag used on the "source.jsp" page, inherited back from JSDK 2.1 days)
that is deliberately ignoring the restrictions of the servlet spec, and you
would not want to make compiling it dependent on the servlet container core
classes anyway ...

>
> Also, I think you should remove the trailing / because the extra character
> comparison isn't needed and could cause issues if it isn't there (although
> it probably wouldn't be...). :-)

Your suggestion would mean I could not have a directory "WEB-INF-stuff" or
"META-INF-data" in my webapp treated like any other directory.  That's going
beyond protecting people and into the realm of infringing their freedom :-).

>
> -jon
>
> --
> Honk if you love peace and quiet.

Craig

Mime
View raw message