Woellchen commented on PR #687: URL: https://github.com/apache/tomcat/pull/687#issuecomment-1932841669
Thanks for checking back! The section you are referring to does not really negate my statement however. If I get you right you are talking about this specific thing? > These URIs should be normalized by decoding any percent-encoded octet **that corresponds to an unreserved character** This does not mean that reserved characters can't be decoded or? Maybe we can debate this together to clear my confusion. Let me point out to you the relevant parts of the RFC that I am talking about: **2.4. When to Encode or Decode** > Once produced, a URI is always in its percent-encoded form. That means, a URI should be decoded to properly process it right? > When a URI is dereferenced, the components and subcomponents [...] must be parsed and separated before the percent-encoded octets within those components can be safely decoded, as otherwise the data may be mistaken for component delimiters. This has been done, my change only affects the path component of the whole scheme. That means the components were already separated and decoding can take place, also for delimiters. Note that decoding unreserved characters can optionally happen anytime earlier: > [...] percent-encoded octets corresponding to characters in the unreserved set, which **can be decoded at any time**. Also check the example from **5.4. Reference Resolution Examples**: A base URI of `http://a/b/c/d;p?q` and a relative path of `g;x=1/../y` should resolve to `http://a/b/c/y`. One more note to parent directories, as they are totally valid and should be normalized as well. Just to clear this up, taken from **3.3. Path**: > The path segments "." and "..", also known as dot-segments, are defined for relative reference within the path name hierarchy [...] to indicate relative position within the hierarchical tree of names. This is similar to their role within some operating systems' file directory structures to indicate the current directory and **parent directory**, respectively. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org