“/” succeeds on Linux/unix
“C:” fails on Windows

I think the behavior should be made consistent.

Note: I’m 80% sure in previous versions of STRJ “C:” did succeed on Windows.

Submitted by Jan Raszyk on 17 March 2010 at 21:29

Hm, it eated my markup, sorry for that.

Let’s write it in this way:
!“/”; file-exists // this succeeds on unix
!“C:”; file-exists // this fails on windows

imho this site might be XSS vulnerable.

You’re absolutely right. Both tests should succeed. I think this might be an odd case in the Java API. We’ll fix it in a future version. (The XSS thing has been fixed a while ago, but apparently this website is still based on an old version of WebDSL.)

This problem seems to be caused by the Java File class:

System.out.println(new File(“C:”).isAbsolute());
System.out.println(new File(“C:\”, “C:”));

returns

false
C:\C:

Even though Windows doesn’t seem to allow a directory called C:\C:. I think this is a bug in java.io.File.

I’m not sure if we should “fix” this at the Stratego level. If we do, then we’d have to check for the ‘:’ at the end of any relative path, and decide that on Windows such a path should be treated as an absolute path…