- From: Alwin Blok <notifications@github.com>
- Date: Mon, 27 Mar 2017 02:52:36 -0700
- To: whatwg/url <url@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Monday, 27 March 2017 09:53:11 UTC
Thanks. For the record, I do think the solution is somewhat unsatisfactory. I appreciate the safety issue, but I'm not sure about the tradeoff, nor the effectiveness. Servers that fall for such an attack may fall for `http://example.com/..%2fsensitive_info.txt` as well, for example.

--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/url/issues/281#issuecomment-289406903