Does anyone know if Shindig is doing any validation of container IDs? There are two problems I have noticed.
1. Container IDs cannot have colons ":" in them. This causes errors in the authentication filter which I think is having trouble parsing the parts of the security token because it is using a colon as a separator. Having additional colons causes errors in the AuthFilter. 2. Container IDs need to be safe enough to be placed within a URL. Specifically in DefaultServiceFetcher.retrieveServices we create a security token which typically takes the form container:encodedToken. If the container id has a space in it for example this will cause Uri.parse to throw an exception. There may be other places like this in the code, I have't looked. For #1 I think we should be validating there are no colons in the IDs and throwing an exception when a container with a colon is contributed. For #2 we could encode the ST part of the URL, but I am not sure if that could cause problems with the ST itself, I don't think it should though. Anyone have any thoughts on this? -Ryan
