https://bz.apache.org/bugzilla/show_bug.cgi?id=58859

--- Comment #3 from Konstantin Kolinko <knst.koli...@gmail.com> ---
Chris, the cache has evolved into a static preloaded set some time ago (since
r1140156), it is not updated at runtime.

The issue here is that the client-provided charset name is used for processing
both client-provided data and application-provided data (e.g. forward()
processing code touched by the recent fix to bug 58836).

Application-provided data usually has some assumptions that the client-provided
charset is sane (e.g. superset of US-ASCII). I just am not sure that this
assumption is true for all charsets implemented by a JRE - I do not know all of
them. E.g. current Java 8 implements 170 charsets, some of which have names
starting with "x-".

It is easy to enforce the charset (via SetCharacterEncodingFilter), but that
will break the whole ability to specify a charset for a client.

It is possible to implement a similar Filter that checks the provided charset
name (probably over some whitelist).

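The charset check suggested in the comment above, as an added example (not code from Tomcat or from the commenter): it audits which charsets of the running JRE are not a US-ASCII superset and resolves a client-supplied name against an allowlist. The class name, the allowlist contents and the ISO-8859-1 fallback are assumptions.

```java
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

public class CharsetAllowlistCheck {
    // Assumed allowlist of canonical names; adjust to what the application really needs.
    static final Set<String> ALLOWED = new HashSet<>(Arrays.asList(
            "UTF-8", "ISO-8859-1", "US-ASCII", "windows-1252"));

    // True if the 128 US-ASCII code points map to the same single bytes in both directions.
    static boolean isAsciiSuperset(Charset cs) {
        byte[] ascii = new byte[128];
        for (int i = 0; i < ascii.length; i++) ascii[i] = (byte) i;
        String text = new String(ascii, StandardCharsets.US_ASCII);
        if (!cs.canEncode()) return false; // decode-only charsets (e.g. auto-detecting ones)
        return Arrays.equals(text.getBytes(cs), ascii) && text.equals(new String(ascii, cs));
    }

    // Returns the charset for a client-supplied name, or the fallback if the name
    // is missing, malformed, unsupported by this JRE, or not on the allowlist.
    static Charset resolve(String clientName, Charset fallback) {
        if (clientName == null) return fallback;
        try {
            Charset cs = Charset.forName(clientName.trim()); // aliases resolve to canonical name
            return ALLOWED.contains(cs.name()) && isAsciiSuperset(cs) ? cs : fallback;
        } catch (IllegalArgumentException e) { // IllegalCharsetName / UnsupportedCharset
            return fallback;
        }
    }

    public static void main(String[] args) {
        // Audit: which charsets of the running JRE break the US-ASCII assumption?
        for (Charset cs : Charset.availableCharsets().values()) {
            if (!isAsciiSuperset(cs)) System.out.println("not ASCII-compatible: " + cs.name());
        }
        // Constructed sample names, as a client might send them in Content-Type.
        for (String name : new String[] {"UTF-8", "utf8", "UTF-16", "IBM037", "no such charset"}) {
            System.out.println(name + " -> " + resolve(name, StandardCharsets.ISO_8859_1));
        }
    }
}
```

The round-trip test only covers the 128 code points in the charset's initial state, so a stateful encoding of the ISO-2022 family can pass it and still reinterpret ASCII-range bytes after an escape sequence. The allowlist is therefore the primary control and the round-trip test a sanity check on its entries.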