On 08/01/2019 21:31, Garret Wilson wrote:
<snip/>
But as discussed above, this is completely wrong: the resource character
encoding of a request sent in `application/x-www-form-urlencoded` should
have absolutely no bearing on how the encoded octets within that
resource are decoded.
That is not the correct interpretation of section 3.12 of the Servlet
4.0 specification (note the section numbers do vary between spec
versions). Tomcat implements the correct interpretation - i.e. the
charset from the request content-type defines how encoded octets are
decoded and, if none is specified, ISO-8859-1 is used as the default.
Yes, this default is now very out-dated. That is a side-effect of:
- how long the Servlet specification has been around
- the very conservative approach taken by Java EE in terms of backwards
compatibility (once set, defaults are very rarely - if ever - changed)
- arguably missed opportunities to address this issue prior to
Servlet 4.0
As of Servlet 4.0 there is a specification compliant configuration
option to change this default to any encoding of your choice. Obviously,
UTF-8 is one of the options. You can do this by adding the following to
your web.xml:
<request-character-encoding>UTF-8</request-character-encoding>
If you add it to conf/web.xml it applies to every web application
deployed to Tomcat.
Tomcat 9 uses this in the examples, manager and host-manager
applications in place of the SetCharacterEncodingFilter.
Whether Tomcat should ship with this setting present in conf/web.xml by
default is something that should probably be discussed for Tomcat 10.
Given the current state of the web, there is a reasonable case for doing
so. I'll add that to the TOMCAT-NEXT discussion list.
The Tomcat Wiki also needs to be updated to take account of this new
configuration option (and the related <response-character-encoding>).
Since it is a wiki and this is clearly an issue you care about would you
like to tackle that?
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
