WebApp Sec mailing list archives
Re: java.net.URI.normalize() problem
From: Garth Somerville <therealgarth () yahoo com>
Date: Fri, 18 Feb 2005 11:19:37 -0800 (PST)
--- Felipe Moreno <fmoreno () gmail com> wrote:
I don't see any reason to use the path instead of decodedPath (other than a bug). Any thoughts?
The behavior is correct. One of the three legitimate reasons characters are escaped in URLs is to *prevent* them from having their normal meaning in the URL. You can't ask the URI class to distinguish the case where the character is encoded to hide its intention to have the normal meaning. If you believe the URI class should threat the following as being the same URL: http://foo.com/A/B http://foo.com/A%2FB then what do you think it should do with these two? http://foo.com/A?hello/there http://foo.com/A%3Fhello/there Should they have the same meaning? __________________________________ Do you Yahoo!? Take Yahoo! Mail with you! Get it on your mobile phone. http://mobile.yahoo.com/maildemo
Current thread:
- java.net.URI.normalize() problem Felipe Moreno (Feb 17)
- Re: java.net.URI.normalize() problem Garth Somerville (Feb 19)
- Re: java.net.URI.normalize() problem Felipe Moreno (Feb 21)
- Re: java.net.URI.normalize() problem Garth Somerville (Feb 19)