On Sat, 15 May 2021 at 12:09, Almaember <almaember@disroot.org> wrote: > > A question to everybody reading the list, how badly would it break the > spec to simply block any request whose URLs contain ".." as a standalone > path-element? > I don't think it would break anything, seems perfectly logical to me to block `..` as a part of a path. Blocking `~` and `.` as well would be good. -Oliver Simmons
---
Previous in thread (2 of 5): 🗣️ Almaember (almaember (a) disroot.org)