Message-Id: <199512201138.LAA13510@chacal.noc.demon.net> From: firstname.lastname@example.org (James R Grinter) Date: Wed, 20 Dec 1995 11:38:03 +0000 In-Reply-To: Jon Wallis <email@example.com> To: Jon Wallis <firstname.lastname@example.org>, BearHeart/Bill Weinman <BearHeart@bearnet.com>, email@example.com Subject: Re: partial URLs ? (was <p> ... </p>) On Wed 20 Dec, 1995, Jon Wallis <firstname.lastname@example.org> wrote: >At 13:19 19/12/95 -0600, BearHeart/Bill Weinman wrote: >> >> The problem with the parial URLs may be the "../" references. >> >> Some servers, and perhaps some browsers too, disallow them because >>they've been abused to get around security measures. > >That really shouldn't be a problem if the system is set up right - but since >so many systems are poorly set up in terms of security I can believe it. > >However, it doesn't make sense to stop a browser using relative URLs, since >the browser on its own can't pose a security threat. Also, not being able Indeed. The spec specifies that relative/partial urls will work, and the valid forms. (You can do "./" rather than having to use "index.html" or other uglyness, for example). Servers do indeed drop '..' parts so that someone can't try and reference a document outside the 'document tree'. That's only wise. A browser not implementing relative URLs is broken. -- jrg.