On Thu, Jun 4, 2026 at 3:08 PM Mark Thomas <[email protected]> wrote: > > On 04/06/2026 11:47, Mark Thomas wrote: > > On 04/06/2026 10:59, Rémy Maucherat wrote: > >> On Thu, Jun 4, 2026 at 11:01 AM Mark Thomas <[email protected]> wrote: > >>> On 04/06/2026 07:59, Rémy Maucherat wrote: > >>>> Hi, > >>>> > >>>> There are some discrepancies in URL encoding in the request dispatcher > >>>> for jakarta.servlet.include.context_path. > >>>> - Request.getContextPath is URL encoded, this is settled > >>>> - jakarta.servlet.forward.context_path saw a bug come in some time > >>>> ago, and it was switched to being URL encoded > >>>> - jakarta.servlet.include.context_path remains in the decoded camp, > >>>> but there's some mixed matching with a comparison with a > >>>> request.getContextPath, which is incorrect (lines 698, 701 and 703) > >>>> > >>>> The specification language is not very clear. > >>>> "These attributes are accessible from the included servlet via the > >>>> getAttribute method on the > >>>> request object and their values must be equal to the request URI, > >>>> context path, servlet path, > >>>> mapping, path info, and query string of the included servlet, > >>>> respectively." > >>>> > >>>> I would think "jakarta.servlet.include.context_path" should be URL > >>>> encoded, rather than decoded as it is now, with changes to be made to > >>>> lines 387 and 703 to use context.getEncodedPath(). > > <snip/> > > > Can I have a little more time to (try and) get my head around this code. > > My sense is that there is a simple solution to the issue that I can't > > quite because of the naming. > > I think I have a solution that works for all current versions. > > It works because the jakarta.servlet.include.context_path attribute is > set from the target context of the include - so it is effectively > canonical - unlike the value from the request which can vary. > > There is the option to switch to the standard (decoded) path in 12.0.x > but that could be a follow-on fix. > > Patch (if the list allows it) attached.
+1, it looks good for all branches. In the context of Tomcat 12, I would then consider reverting it plus https://github.com/apache/tomcat/commit/4f1b667f15e6ed46d8704687dab5da73e7404552 but we can think about it for later. Rémy > Mark > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
