You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Larry Isaacs <La...@sas.com> on 2001/03/20 20:06:17 UTC
RE: cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/util R
equestUtil.java
> I found the handleContextNotFound method that also output HTML codes
> in ContextManager.java (but I don't know this method is used in the
> current version).
>
I committed this fix. Thanks for letting us know.
> > class RedirectHandler extends ServletWrapper {
> > @@ -459,7 +460,7 @@
> > append("</h1>\r\n").
> >
> append(sm.getString("defaulterrorpage.thisdocumenthasmoved")).
> > append(" <a href=\"").
> > - append(location).
> > + append(RequestUtil.filter(location)).
> > append("\">here</a>.<p>\r\n</body>\r\n");
>
> This "location" variable is used as a href attribute value of an "a"
> element. In general, URL encode is done instead of HTML encode(?).
>
The "location" is supposed to already be encoded, so encoding again
would do harm. If it is encoded, RequestUtil.filter() shouldn't
need to change anything, so I didn't change this one.
Cheers,
Larry