DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=27802>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=27802 EncodeURLTransformer encodes off site links ------- Additional Comments From [EMAIL PROTECTED] 2004-03-28 18:41 ------- I'm not so sure this is a Jetty bug and that tomcat is trying to do a bit more than the spec is asking for. The problem with not encoding "off site" links is how to work out what is an offsite link! If I'm serving a request to www.acme.com and there is a link to acme.com, is that offsite? What about www.acme.com:80 and there is a link to www.acme.com:8080. If the server tries to be clever and not-encode what it thinks are offsite links, then how does the programmer who actually knows that it is not offsite (or is sharing session IDs for SSO etc.) get the session ID encoded? I'm going to raise this with the expert panel to try and get a bit of clarity.
