From: Vincent: At 16.11.2015, 13:23 [...] > > > > > > Personally I prefer a third option: > > - disallow '/' and '\' in page names completely when creating / renaming > > pages > > - in the UI, if the user enters these characters to add (or rename), scrap > > them from the page name, or replace then by '-' (they will still show up in > > the title) > > and create a new page with the name without the slashes > > - make this configureable, like 'xwiki.pagename.forbiddenchars=/\\' > > and then people who are able to set up their servlet container to allow > > slashes can empty that config variable. > This covers only a portion of all the use cases, unless you also want to > disable “.”, “:”, “@“, “^” characters in page names because if you don’t then > they’ll be escaped in serialized references which can surface in the URL (as > shown by http://jira.xwiki.org/browse/XWIKI-11528 and by the URL format I’m > proposing for Zip URLs. The reference URL scheme is also affected obviously, > see http://design.xwiki.org/xwiki/bin/view/Design/AlternateURLScheme).
I didn't mean to say that with my proposal no URL Encoding or other escaping need to happen at all, or no escaping in entity references. Of course something like that will need to happen, unless one has a pretty long list of "forbidden" stuff, which will not be user-friendly. The only part I tried to address is the problem that by default tomcat and apache's httpd do not allow slashes - encoded or not - in the URL. I am not sure why the other chars come in here now. If they get properly escaped / unescaped they should not cause problems. Clemens _______________________________________________ devs mailing list devs@xwiki.org http://lists.xwiki.org/mailman/listinfo/devs
