On Thu, Dec 27, 2001 at 10:13:07AM -0800, Chuck Esterbrook wrote: > On Wednesday 26 December 2001 09:56 am, Mike Orr wrote: > > Is this a bug or a feature? ?Arguably it's what ExtraPathInfo is > > "supposed" to do, but it *is* surprising, since I wouldn't expect > > index.py to be silently inserted in the middle of a URL. ?If it is > > a feature, I'll just document it in the Troubleshooting section of > > the Wiki. > > I believe this has been discussed before and was considered a feature. > > > > What options are there for protecting servlets from this abuse? > > ?Besides turning off ExtraPathInfo, I mean, since I may want it for > > another portion of the site. ?The only things I can think of are: > > ????????1) have every servlet display an error if extra path info != > > ''. ? > > Maybe that wouldn't be too hard since you could put this in your > SitePage.
Hmm, it would have to be someplace where it could be overridden, for the servlets that do use ExtraPathInfo. > > ????????2) don't worry, be happy. ?But any relative links on such a > > page will contain that path junk and so will loop back to that page. > > ?(Echoes of the Twilight Zone's "Judgement Day" episode...) > > Hey, that's always good advice. ;-) > > > And I guess the ultimate solution as usual, is "url decoding" hooks in > WebKit so you can do whatever you like. What do you mean by "url decoding" hooks? -- -Mike (Iron) Orr, [EMAIL PROTECTED] (if mail problems: [EMAIL PROTECTED]) http://iron.cx/ English * Esperanto * Russkiy * Deutsch * Espan~ol _______________________________________________ Webware-discuss mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/webware-discuss
