Craig,
From: [EMAIL PROTECTED]
Subject: cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/util RequestUtil.java
Date: 17 Mar 2001 20:52:50 -0000
Message-ID: <[EMAIL PROTECTED]>
> Modified: src/share/org/apache/tomcat/context Tag: tomcat_32
> DefaultCMSetter.java
> src/share/org/apache/tomcat/util Tag: tomcat_32
> RequestUtil.java
I found the handleContextNotFound method that also output HTML codes
in ContextManager.java (but I don't know this method is used in the
current version).
> class RedirectHandler extends ServletWrapper {
> @@ -459,7 +460,7 @@
> append("</h1>\r\n").
> append(sm.getString("defaulterrorpage.thisdocumenthasmoved")).
> append(" <a href=\"").
> - append(location).
> + append(RequestUtil.filter(location)).
> append("\">here</a>.<p>\r\n</body>\r\n");
This "location" variable is used as a href attribute value of an "a"
element. In general, URL encode is done instead of HTML encode(?).
Would you check these points?
Kazuhiro Kazama ([EMAIL PROTECTED]) NTT Network Innovation Laboratories