shouldn't return relative path such as ../ or ./ in redirect response
---------------------------------------------------------------------
Key: WICKET-1751
URL: https://issues.apache.org/jira/browse/WICKET-1751
Project: Wicket
Issue Type: Bug
Components: wicket
Affects Versions: 1.3.3
Reporter: Kent Tong
Wicket uses ".." and "." when generating urls which are sent to the browser as
redirects
(eg, in WebRequestCodingStrategy.encode() and WebResponse.encodeURL()).
However, such relative path components are only meaningful within a document
and
only when the browser is resolving URI references to absolute URIs. As what is
in the
redirect is a URI, not a URI reference and there is no enclosing document, so
".." and
"." have no special meaning.
The reason why it has worked so far is probably because common browsers are
going beyond the spec to interpret ".." and ".". However, it fails miserably
with clients
like htmlunit.
The solution is that Wicket should resolve the relative path components itself
and
return absolute URIs to the browser.
Quote from RFC239:
Within a relative-path reference, the complete path segments "." and
".." have special meanings: "the current hierarchy level" and "the
level above this hierarchy level", respectively. Although this is
very similar to their use within Unix-based filesystems to indicate
directory levels, these path components are only considered special
when resolving a relative-path reference to its absolute form
(Section 5.2).
Quote from RFC2616:
303 See Other
The response to the request can be found under a different URI and
SHOULD be retrieved using a GET method on that resource. This
method exists primarily to allow the output of a POST-activated script
to redirect the user agent to a selected resource. The new URI is not a
substitute reference for the originally requested resource.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
