I would use new URL("http://localhost/static"; + path).openStream() to
fetch the data instead of File(). Leave the security up to Tomcat.
On Wed, Jun 12, 2013 at 7:01 AM, Thiago H de Paula Figueiredo <
thiag...@gmail.com> wrote:
> On Wed, 12 Jun 2013 07:08:10 -0300, John <j...@quivinco.com> wrote:
>
> Hi,
>>
>
> Hi!
>
>
> I have a need to link to some static HTML generated by a CMS app.
>> Assuming this content is in a directory outside my Tapestry app, what would
>> be the best way of linking/serving it via Tapestry?
>>
>
> I'd create a page that receives the file name or path in the activation
> context and returns a StreamResponse wrapping the file (which is probably
> in a fixed folder or its subfolders). Pay attention to security, refusing
> file names or paths with '..' (without the quotes) on it so no file outside
> the HTML folder is ever returned.
>
> --
> Thiago H. de Paula Figueiredo
>
>
> ------------------------------**------------------------------**---------
> To unsubscribe, e-mail:
> users-unsubscribe@tapestry.**apache.org<users-unsubscr...@tapestry.apache.org>
> For additional commands, e-mail: users-h...@tapestry.apache.org
>
>
