usenet_spam at janc.invalid
Mon Nov 10 07:54:26 CET 2003
"Ben Allfree" <benles at bldigital.com> schreef:
> Virtual root - C:\foo\baz\wwwroot
> URL - <a href="\..\..\baz\wwwroot\grop.html">
> Should resolve to C:\foo\baz\wwwroot\baz\wwwroot\grop.html
According to RFC-2396 this should resolve to:
The ".." above are real path segments/directory names and don't have the
special "go up 1 level" meaning.
IMHO for web servers that map URL path segments to local paths this should
result in an HTTP error (when ".." is not allowed on the local filesystem).
They also mention that in practice your solution is in use by some parsers,
so people might not be too surprised by its functioning... ;-)
"Be strict when sending and tolerant when receiving."
RFC 1958 - Architectural Principles of the Internet - section 3.9
More information about the Python-list