You are viewing a plain text version of this content. The canonical link for it is here.
Posted to taglibs-dev@jakarta.apache.org by bu...@apache.org on 2005/12/07 00:31:10 UTC
DO NOT REPLY [Bug 32335] -
c:url does not Encode unsafe characters
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=32335>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=32335
pierre.delisle@sun.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID
------- Additional Comments From pierre.delisle@sun.com 2005-12-07 00:31 -------
Walter,
<c:url> has been spec'ed to only do URL rewriting.
More specifically, the JSTL spec says:
"The rewriting must be performed by calling method encodeURL()
of the Servlet API."
And the servlet spec does not make any provision to encode
any special character.
public String HttpServletResponse.encodeURL(String url)
This method encodes (rewrites) the specified URL to include the
session ID and returns the new URL, or, if encoding is not needed
or not supported, it leaves the URL unchanged. The rules used to
decide when and how to encode a URL are server-specific. All URLs
emitted by a servlet should be run through this method. Note that
this encodeURL( ) method could more properly have been named
rewriteURL( ) so as not to be confused with the URL encoding
process that encodes special characters in URL strings.
The call to URLEncoder.encode() must be done explicitely.
However, I do agree it would be convenient if <c:url> not only
did the rewriting, but the encoding as well. Not clear to me why
the Expert Group did not think of this at the time.
I've submitted an RFE to the JSTL spec so it can be considerered.
See:
https://jstl-spec-public.dev.java.net/issues/show_bug.cgi?id=22
Thanks! -- Pierre
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: taglibs-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: taglibs-dev-help@jakarta.apache.org