https://issues.apache.org/bugzilla/show_bug.cgi?id=53469
--- Comment #17 from wansho...@hotmail.com ---
(In reply to comment #16)
> I have fixed the IAE in trunk and 7.0.x.
>
> I am leaving this open while I wait for clarification from the Servlet EG as
> to how relative URLs passed to encodeURL should be treated.
>
> See http://java.net/jira/browse/SERVLET_SPEC-43

Tomcat needs to be patched to catch a normalization failure and simply not encode the URL in that case.

I totally agree with this solution. Has it been so fixed anywhere?

My web application generated something like this:

https://localhost:3443/vcbs/../../../../../?wicket:interface=:18::::

which absolutely failed the 'within-server-root' test after normalization.

I look forward to this being patched in Tomcat.
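The behaviour asked for in the comment above, as an added sketch that is not Tomcat's code and not part of the original message: when normalization of the path fails, the URL is returned without a session id instead of throwing. The class and method names, the constructed session id, and the restriction to absolute URLs with a non-root context path are assumptions made for the illustration.

```java
import java.util.ArrayDeque;
import java.util.Deque;

public class EncodeUrlSketch { // hypothetical class, for illustration only

    /** Resolves "." and ".." segments; returns null if ".." climbs above the server root. */
    static String normalize(String path) {
        Deque<String> stack = new ArrayDeque<>();
        for (String seg : path.split("/")) {
            if (seg.isEmpty() || seg.equals(".")) {
                continue;
            }
            if (seg.equals("..")) {
                if (stack.isEmpty()) {
                    return null; // normalization failure: path escapes the root
                }
                stack.removeLast();
            } else {
                stack.addLast(seg);
            }
        }
        return "/" + String.join("/", stack);
    }

    /** Adds ;jsessionid only when the path normalizes and stays inside contextPath. */
    static String encodeUrl(String url, String contextPath, String sessionId) {
        int q = url.indexOf('?');
        String beforeQuery = q < 0 ? url : url.substring(0, q);
        String query = q < 0 ? "" : url.substring(q);
        int schemeEnd = beforeQuery.indexOf("://");
        int pathStart = schemeEnd < 0 ? 0 : beforeQuery.indexOf('/', schemeEnd + 3);
        String path = pathStart < 0 ? "/" : beforeQuery.substring(pathStart);

        String normalized = normalize(path);
        if (normalized == null) {
            return url; // do not encode, and do not throw
        }
        boolean inContext = normalized.equals(contextPath)
                || normalized.startsWith(contextPath + "/");
        // Outside the web application the session id must not be appended.
        return inContext ? beforeQuery + ";jsessionid=" + sessionId + query : url;
    }

    public static void main(String[] args) {
        String sid = "CONSTRUCTED0SESSION0ID"; // constructed sample value
        // URL from the comment above: normalization fails, returned unchanged.
        System.out.println(encodeUrl(
                "https://localhost:3443/vcbs/../../../../../?wicket:interface=:18::::",
                "/vcbs", sid));
        // Constructed URL inside the context: session id is inserted before the query.
        System.out.println(encodeUrl("https://localhost:3443/vcbs/page?x=1", "/vcbs", sid));
    }
}
```

The sketch does not resolve relative URLs against the request URI, which is the question the quoted comment leaves to the Servlet EG.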