Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Incomplete
-
5.0.11
-
None
-
None
Description
TapestryInternalUtils.escapePercentAndSlash escapes the Percent and Slash characters using URL encoding. This confuses Jetty, and could confuse browsers and other servers because of unknown times of encoding/decoding done by browsers and servers...
I propose to change the constants in TapestryInternalUtils:
private static final String ENCODED_PERCENT = "%25";
private static final String ENCODED_SLASH = "%2F";
to use a different escape character, maybe one of the unreserved characters: "-", "_", ".", "~"; then make sure to encode that character as well..
so ENCODED_PERCENT would be ~25, ENCODED_SLASH would be ~2F
and we would add ENCODED_TILDE to be ~7E