RFR 8245245 : WebSocket can loose the URL encoding of URI query parameters
Chris Hegarty
chris.hegarty at oracle.com
Fri Jun 26 13:51:54 UTC 2020
> On 26 Jun 2020, at 14:38, Pavel Rappo <pavel.rappo at oracle.com> wrote:
>
> Rahul,
>
> Won't that start retaining the URL fragment? From https://tools.ietf.org/html/rfc6455#section-3
>
> Fragment identifiers are meaningless in the context of WebSocket URIs
> and MUST NOT be used on these URIs. As with any URI scheme, the
> character "#", when not indicating the start of a fragment, MUST be
> escaped as %23.
I don’t think that a a fragment will be retained, see
182 null); // No fragment
, but maybe the concern is that a fragment character can be sneaked into other parts of the URI components, like the query? If so, then the test could be expanded to ensure that this cannot happen.
-Chris.
More information about the net-dev
mailing list