Mark Thomas
Mark Thomas
Yes, I agree with pretty much all of that. It is great to feel that some progress is being made in this area. I wasn't aware `%uXXXX` was even a...
I've been thinking about the impact this discussion has on mapping requests. But first I'd like to respond to your points. I agree reducing modes is good. I've no objection...
> > What was your thinking in requiring an IAE if `getResource()` and friends were called with a path that included a %nn encoded non-reserved character? > > The idea...
> How this is handled all depends on where we see the future. Do we want an arbitrary Servlet-9.0 application to be able to continue to choose between the modes...
@gregw Does this bring us close enough to start on a PR?
That works for me. Thanks for setting it up. I agree we need answers to those questions. As we have found, everything is inter-related so it is hard to discuss...
I wonder if trying to configure this per context we are making things more complex for the large majority to support something only a very small minority will ever need....
This approach could be implemented as a Filter. If we were going to do this, I think something that enforces the limit at the point the parameters are parsed -...
> The parameter count limit is there to protect Tomcat from a DoS caused by hash collisions (right?). Hash collisions was why the 10k limit was put in place -...
While I think there is a case to be made for the behaviour you describe, the Javadoc for PushBuilder has the same language > If `HttpServletResponse.addCookie(Cookie)` has been called on...