- From: Nico Williams <nico@cryptonector.com>
- Date: Fri, 1 Feb 2013 18:07:38 -0600
- To: Eliezer Croitoru <eliezer@ngtech.co.il>
- Cc: ietf-http-wg@w3.org
On Fri, Feb 1, 2013 at 4:49 PM, Eliezer Croitoru <eliezer@ngtech.co.il> wrote: > I have a question: > What a *path* starting with "//" effect is? > can it harm something? Possibly. POSIX allows // to be special (because some OSes used to treat that differently than just an absolute path). You might get special handling of the first component (it's a server name!) or whatever. But nowadays POSIXy systems all (I think) treat that the same as just one /. On Windows \\ -> UNC, and / is often mapped to \\, so yes, it might cause harm. but it depends in part on what the web server does with such a path -- it needn't be a filesystem path, after all, or it might be taken to be relative to another path (doc root), in which case // means nothing special on POSIXy systems (POSIX doesn't allow special meaning for // except at the front of a path). So.... in conclusion, I think // is mostly harmless. Nico --
Received on Saturday, 2 February 2013 00:08:02 UTC