https://bz.apache.org/bugzilla/show_bug.cgi?id=69135
--- Comment #2 from Mark Thomas <ma...@apache.org> --- My reading of the JSP specification is that both examples are currently not specification compliant. The references are a little circular but the key ones seem to be: https://jakarta.ee/specifications/pages/4.0/jakarta-server-pages-spec-4.0#the-include-directive https://jakarta.ee/specifications/pages/4.0/jakarta-server-pages-spec-4.0#relative-url-specifications https://jakarta.ee/specifications/pages/4.0/jakarta-server-pages-spec-4.0#including-data-in-jsp-pages My reading of the above is that the file attribute of the include directive is either: - relative (doesn't start with /) to the current file - absolute (does start with /) which is taken from the context root That means that the absolute example in your test case that uses "/META-INF/include.jspf" shouldn't work. A related question is can a relative path step out of a JAR file and - if it can - where does it end up. My own view is that this should not be allowed. The JAR should be self-contained. This issue might need some clarifications from the Jakarta Pages project but before we start a discussion at Eclipse, lets see if anyone has a different interpretation of the specification. It is always possible I missed some relevant sections in my review of the current spec. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
