16 Nov
2015
16 Nov
'15
1:50 p.m.
From: Vincent: At 16.11.2015, 13:23
[...]
I didn't mean to say that with my proposal no URL Encoding or other escaping need to
happen at all, or no escaping in entity references.
Of course something like that will need to happen, unless one has a pretty long list of
"forbidden" stuff, which will not be user-friendly.
The only part I tried to address is the problem that by default tomcat and apache's
httpd do not allow slashes - encoded or not - in the URL.
I am not sure why the other chars come in here now. If they get properly escaped /
unescaped they should not cause problems.
Clemens
Personally I prefer a third option:
- disallow '/' and '\' in page names completely when creating / renaming
pages
- in the UI, if the user enters these characters to add (or rename), scrap them from the
page name, or replace then by '-' (they will still show up in the title)
and create a new page with the name without the slashes
- make this configureable, like 'xwiki.pagename.forbiddenchars=/\\'
and then people who are able to set up their servlet container to allow slashes can empty
that config variable.
This covers only a portion of all the use cases, unless you
also want to disable “.”, “:”, “@“, “^” characters in page names because if you don’t then
they’ll be escaped in serialized references which can surface in the URL (as shown by
http://jira.xwiki.org/browse/XWIKI-11528 and by the URL format I’m proposing for Zip URLs.
The reference URL scheme is also affected obviously, see
http://design.xwiki.org/xwiki/bin/view/Design/AlternateURLScheme).