[Bug 60594] RFC 7230/3986 url requirement that prevents unencoded curly braces should be optional, since it breaks existing sites

[bu...@apache.org]

https://bz.apache.org/bugzilla/show_bug.cgi?id=60594

--- Comment #29 from Jeff <je...@quotemedia.com> ---
I would like to ask for the ^ character. I'm not sure how to make a case for
this. Its kind of important for us because we have been using this to denote
financial indexes (similar to yahoo finance) and we have a large number of
client installs that would all have to change to enforce uri encoding.

This is basically holding up our migration to Tomcat.

I think it would be preferable if we could select whatever characters we want
to override. Its our site and we are the ones responsible for the security and
functionality. Every entity that uses Tomcat might need different characters
for different reasons. It would be easier to transition if they had access to
an override. Clearly the default should be to override nothing but some sites
are going to need this or that character to transition.

I could ask to have our clients url encode everything but realistically that
could take years to complete.

I would prefer that this exemption be extended rather that having to hack the
code base on our own as security updates would be more timely.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org