- From: Paul Phillips <paulp@cerf.net>
- Date: Fri, 28 Apr 1995 15:02:34 -0700 (PDT)
- To: www-talk@www10.w3.org
Upon whom does the responsibility lie for avoiding ".." in request pathnames? Would a server that rejects any URL request with ".." in it be non-compliant? It's my (limited) understanding that the client is supposed to take care of this, i.e. if I have a page like so: /foo/bar.html: <A HREF="../baz.html">Baz</A> The client should issue that request as /baz.html rarther than /foo/../baz.html. Is this codified anywhere? I don't like the server overhead of doing .. translations, I'd rather reject it out of hand, if I can. -- Paul Phillips EMAIL: paulp@cerf.net WWW: http://www.primus.com/staff/paulp/ PHONE: (619) 220-0850
Received on Friday, 28 April 1995 18:04:55 UTC