Re: [jetty-dev] Regression Issue with Slash for getResourceAsStream

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [jetty-dev] Regression Issue with Slash for getResourceAsStream

From: Greg Wilkins <gregw@xxxxxxxxxxx>
Date: Wed, 9 Jul 2014 14:07:43 +1000
Delivered-to: jetty-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/jetty-dev>
List-help: <mailto:jetty-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/jetty-dev>, <mailto:jetty-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/jetty-dev>, <mailto:jetty-dev-request@eclipse.org?subject=unsubscribe>

Young,

we are constantly fighting such aliasing of resources. Allowing // to be treated as / is just asking for security problems.

cheers

On 23 May 2014 15:54, Young Gu <hyysguyang@xxxxxxxxx> wrote:

Hello,

Seems there is a regression issue with getResourceAsStream, it works well with Jetty 8.x when the path include double slash, but it doesn’t work for 9.x.

For example, when run on Jetty 8.x, you can get the file inputstream with servletContext.getResourceAsStream("/WEB-INF//test/test.html" , but you will get null for 9.x.

WDYT?

--

Best Regards,
-------------
Young Gu | Senior Software Engineer | http://www.infor.com

_______________________________________________
jetty-dev mailing list
jetty-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/jetty-dev

References:
- [jetty-dev] Regression Issue with Slash for getResourceAsStream
  - From: Young Gu

Prev by Date: [jetty-dev] 9.2.x vs 9.3.x and RFC7230
Next by Date: Re: [jetty-dev] understanding the jetty 9.2.X architecture
Previous by thread: [jetty-dev] Regression Issue with Slash for getResourceAsStream
Next by thread: Re: [jetty-dev] Embedded Jetty with jsp - sun.tools.javac.Main has been deprecated
Index(es):
- Date
- Thread

Breadcrumbs