- From: Tyler Close <tyler.close@gmail.com>
- Date: Tue, 18 Oct 2005 18:06:17 -0700
- To: www-tag@w3.org
In the minutes, Roy Fielding tries to reproduce the test case and says that Safari does not send the extra "../" path segments. I also tried this test and got different results from Roy. Using Safari 1.3.1 (v312.3.1) on Mac OS X Version 10.3.9 Build 7W98, I typed "http://localhost/foo/../../../" into the address bar. Safari automatically changed this to "http://localhost/../". On the server side, I received: GET /../ HTTP/1.1 Host: localhost Connection: keep-alive User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/312.5.1 (KHTML, like Gecko) Safari/312.3.1 Accept: */* Accept-Encoding: gzip, deflate Accept-Language: en It doesn't seem to matter how many extra "../" path segments I type in, Safari always sends just the one. According to the Software Update utility, all the software on my iBook is up to date. Both Firefox and IE, produced the request Roy Fielding described. Only Safari sent the extra "../" path segment. Tyler -- The web-calculus is the union of REST and capability-based security: http://www.waterken.com/dev/Web/ Name your trusted sites to distinguish them from phishing sites. https://addons.mozilla.org/extensions/moreinfo.php?id=957
Received on Wednesday, 19 October 2005 01:06:22 UTC