#springUrl does not run encodeURL() [SPR-5134] #9807
Description
Sutra Zhou opened SPR-5134 and commented
The API of JEE says:
Encodes the specified URL by including the session ID in it, or, if encoding is not needed, returns the URL unchanged. The implementation of this method includes the logic to determine whether the session ID needs to be encoded in the URL. For example, if the browser supports cookies, or session tracking is turned off, URL encoding is unnecessary.
For robust session tracking, all URLs emitted by a servlet should be run through this method. Otherwise, URL rewriting cannot be used with browsers which do not support cookies.
So we should do this:
#**
- springUrl
- Takes a relative URL and makes it absolute from the server root by
- adding the context root for the web application.
*#
#macro( springUrl $relativeUrl )$response.encodeURL("$springMacroRequestContext.getContextPath()${relativeUrl}")#end
No further details from SPR-5134