POST binding URL now escaped, why?
Chad La Joie
lajoie at itumi.biz
Mon Sep 5 14:07:57 BST 2011
I've found the OWASP[1] documentation to be pretty good. That's the
library we're using as well.
[1] https://www.owasp.org/index.php/Main_Page
On Mon, Sep 5, 2011 at 09:05, Etienne Dysli <etienne.dysli at unil.ch> wrote:
> On 05/09/11 14:53, Chad La Joie wrote:
>> You should probably contact Juniper then. Apps really should be
>> encoding the URLs like that (and shame on us for not doing it sooner)
>> so it's possible you might get bitten by this issue elsewhere.
>
> We've just filed a case with them this morning. Apparently their parser
> is unable to decode entities.
>
> For my culture, do you have any literature references about the reasons
> to encode all URLs?
>
> Etienne
>
>
> --
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
>
--
Chad La Joie
www.itumi.biz
trusted identities, delivered
More information about the users
mailing list