Uri.resolve and Uri.resolveUri return incorrect results for ".." when the base URI is relative #23809
Comments
nex3
added
Type-Defect
area-core-library
|
Upon further inspection, this goes beyond just |
nex3
changed the title
|
The problem is that the resolution algorithm in RFC 3986 is only specified to work for an "absolute" base URI, and for that case, you can't go "above the root", so initial ".." are discarded. (It's not really absolute in the sense that the path needs to start with "/", but nevertheless it acts that way). We conflate URI (always has a scheme and is considered "complete") and URI-reference (may not have a scheme and is considered to be relative to a base URI) into one class, so we can't easily make the distinction that you can only resolve a URI reference against a base URI. So, resolving against a relative URI is really unspecified, but I agree that it would be great if it did something useful instead of this. How about: If the receiver Uri of resolveUri has no scheme (so we are in unspecified territory) and a non-empty relative path (implies that there is also no authority, and it's really just a path), then we allow path merging to result in leading ".." segments. That means that |
|
Let's do that. |
|
Another problem is that we don't path-normalize the URI from the beginning, and I think we should do that too. |
|
Agreed. This is something that could drip users. So let's fix it. |
|
@floitschG should we do this for 1.12 ? |
|
Thanks for asking :) |
|
Cool, thanks for the update! |
Invalid test cleanup (parse_test) [TBR].
Currently,
Uri.parse(".").resolve("../foo").pathreturns"foo". This is incorrect;.refers to the current path, so anything resolved relative to it should return itself. This means that the example above should return"../foo".The text was updated successfully, but these errors were encountered: