- From: James R Grinter <jrg@demon.net>
- Date: Wed, 20 Dec 1995 11:38:03 +0000
- To: Jon Wallis <j.wallis@wlv.ac.uk>, BearHeart/Bill Weinman <BearHeart@bearnet.com>, www-html@w3.org
On Wed 20 Dec, 1995, Jon Wallis <j.wallis@wlv.ac.uk> wrote: >At 13:19 19/12/95 -0600, BearHeart/Bill Weinman wrote: >> >> The problem with the parial URLs may be the "../" references. >> >> Some servers, and perhaps some browsers too, disallow them because >>they've been abused to get around security measures. > >That really shouldn't be a problem if the system is set up right - but since >so many systems are poorly set up in terms of security I can believe it. > >However, it doesn't make sense to stop a browser using relative URLs, since >the browser on its own can't pose a security threat. Also, not being able Indeed. The spec specifies that relative/partial urls will work, and the valid forms. (You can do "./" rather than having to use "index.html" or other uglyness, for example). Servers do indeed drop '..' parts so that someone can't try and reference a document outside the 'document tree'. That's only wise. A browser not implementing relative URLs is broken. -- jrg.
Received on Wednesday, 20 December 1995 06:38:19 UTC