I am looking at
http://java.net/jira/browse/SERVLET_SPEC-43
("Clarify behaviour of HttpServletResponse#encodeURL() with relative URLs")
In HttpServletResponse, we also have #encodeRedirectURL.
From javadoc of #encodeRedirectURL, we have
"All URLs sent to the HttpServletResponse.sendRedirect method should be
run through this method."
In this case, #encodeRedirectURL should be relative to current
HttpServletRequest.
(We need to clarify this in the spec.)
Should we also apply the same "relative" principle to #encodeURL?
If yes, then we have the following:
* Suppose a http request comes to
http://localhost:8080/a/myservlet
* Inside myservlet, it is an error to call
out.println(request.encodeURL("../../../../../a.jsp"));
the url is "not" used for redirect here.
Is it ok?
Shing Wai Chan