On Thu, Dec 27, 2001 at 10:13:07AM -0800, Chuck Esterbrook wrote:
> On Wednesday 26 December 2001 09:56 am, Mike Orr wrote:
> > Is this a bug or a feature? ?Arguably it's what ExtraPathInfo is
> > "supposed" to do, but it *is* surprising, since I wouldn't expect
> > index.py to be silently inserted in the middle of a URL. ?If it is
> > a feature, I'll just document it in the Troubleshooting section of
> > the Wiki.
> I believe this has been discussed before and was considered a feature.
> > What options are there for protecting servlets from this abuse?
> > ?Besides turning off ExtraPathInfo, I mean, since I may want it for
> > another portion of the site. ?The only things I can think of are:
> > ????????1) have every servlet display an error if extra path info !=
> > ''. ?
> Maybe that wouldn't be too hard since you could put this in your
Hmm, it would have to be someplace where it could be overridden, for the
servlets that do use ExtraPathInfo.
> > ????????2) don't worry, be happy. ?But any relative links on such a
> > page will contain that path junk and so will loop back to that page.
> > ?(Echoes of the Twilight Zone's "Judgement Day" episode...)
> Hey, that's always good advice. ;-)
> And I guess the ultimate solution as usual, is "url decoding" hooks in
> WebKit so you can do whatever you like.
What do you mean by "url decoding" hooks?
-Mike (Iron) Orr, iron@... (if mail problems: mso@...)
http://iron.cx/ English * Esperanto * Russkiy * Deutsch * Espan~ol