[
https://issues.apache.org/jira/browse/SLING-1158?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13870820#comment-13870820
]
Bertrand Delacretaz edited comment on SLING-1158 at 1/14/14 3:37 PM:
---------------------------------------------------------------------
This is similar to requesting page.badSelector.html, where checking for all
possible values of badSelector can get expensive.
We could introduce an optional SelectorValidator service and let users supply
implementations that can reject requests based on their selectors. You could
then reject any request that has an empty selector for this case, restrict the
space of which selectors you accept in your system, restrict requests that have
more than N selectors, etc.
This might actually already be possible with a Sling Filter that checks the
current request's selectors and returns 404 if they are not ok.
was (Author: bdelacretaz):
This is similar to requesting page.badSelector.html, where checking for all
possible values of badSelector can get expensive.
We could introduce an optional SelectorValidator service and let users supply
implementations that can reject requests based on their selectors. You could
then reject any request that has an empty selector for this case, restrict the
space of which selectors you accept in your system, restrict requests that have
more than N selectors, etc.
> page.....html resolves to same resource as page.html
> ----------------------------------------------------
>
> Key: SLING-1158
> URL: https://issues.apache.org/jira/browse/SLING-1158
> Project: Sling
> Issue Type: Bug
> Components: ResourceResolver
> Reporter: Mark Baker
> Priority: Trivial
>
> If /page.html resolves, then /page..html or /page............html also
> resolves to the same resource. I expect this is just a consequence of having
> an empty string as a selector, but probably unintended behaviour.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
