https://bz.apache.org/bugzilla/show_bug.cgi?id=66548

--- Comment #6 from Christopher Schultz <ch...@christopherschultz.net> ---
(In reply to Remy Maucherat from comment #4)
> This could break things if we find out that clients have been using
> random values there instead of faithfully implementing the specification.

This is an RFC-MUST situation, so I think it's okay to enforce it.

Maybe we implement this in Tomcat 11 and 10.1 but wait to back-port to 9.0/8.5
until after a few releases to see if we break anything.

(In reply to Mark Thomas from comment #3)
> The changes required for c) are such that it would be simpler just to do the
> decode.

One point in favor of "validating" the string without decoding it is avoiding
the buffer-allocation that would come along with decoding string->bytes.
