[
http://jira.codehaus.org/browse/DOXIA-431?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=268325#action_268325
]
Aaron Digulla commented on DOXIA-431:
-------------------------------------
I have no idea. But from my experience, I'd say that those URLs should already
be encoded. I mean "Image[1].png" is a valid Unix filename. If you want to use
that as a caption, you need escaping.
So maybe the solution is to reject strings which contain invalid characters
close to the input side.
But I saw that you have sanitize methods in some URL helper class in Doxia.
That led me to think that you want to do it there and I don't believe this will
work. Data must be sanitized and validated in the outside interface, not deep
in the code.
> Doxia creates illegal URLs from local paths
> -------------------------------------------
>
> Key: DOXIA-431
> URL: http://jira.codehaus.org/browse/DOXIA-431
> Project: Maven Doxia
> Issue Type: Bug
> Components: Core
> Affects Versions: 1.2
> Reporter: Aaron Digulla
>
> If a local resource contains characters which are illegal in a URL, Doxia
> creates illegal code or crashes.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
