Re: partial URLs ? (was <p> ... </p>)

James R Grinter (jrg@demon.net)
Wed, 20 Dec 1995 11:38:03 +0000


Message-Id: <199512201138.LAA13510@chacal.noc.demon.net>
From: jrg@demon.net (James R Grinter)
Date: Wed, 20 Dec 1995 11:38:03 +0000
In-Reply-To: Jon Wallis <j.wallis@wlv.ac.uk>
To: Jon Wallis <j.wallis@wlv.ac.uk>,
        BearHeart/Bill Weinman <BearHeart@bearnet.com>, www-html@w3.org
Subject: Re: partial URLs ? (was <p> ... </p>)

On Wed 20 Dec, 1995, Jon Wallis <j.wallis@wlv.ac.uk> wrote:
>At 13:19 19/12/95 -0600, BearHeart/Bill Weinman wrote:
>>
>>   The problem with the parial URLs may be the "../" references. 
>>
>>   Some servers, and perhaps some browsers too, disallow them because 
>>they've been abused to get around security measures. 
>
>That really shouldn't be a problem if the system is set up right - but since
>so many systems are poorly set up in terms of security  I can believe it.
>
>However, it doesn't make sense to stop a browser using relative URLs, since
>the browser on its own can't pose a security threat.  Also, not being able

Indeed. The spec specifies that relative/partial urls will work, and
the valid forms. (You can do "./" rather than having to use "index.html"
or other uglyness, for example).

Servers do indeed drop '..' parts so that someone can't try
and reference a document outside the 'document tree'. That's only wise.

A browser not implementing relative URLs is broken.

-- jrg.