-
Enhancement
-
Resolution: Unresolved
-
P4
-
None
-
None
-
generic
-
generic
A DESCRIPTION OF THE PROBLEM :
The ZIP specification is very clear: The file names in the ZIP, in JDK they are called "entry names", _MUST_ use the forward slash, '/', as the folder separator and _MUST NOT_ start with the slash character. JDK allows backslash character to be used in the element name and allows the element name to start with the forward slash. Thus, the developer is provided with a massive footgun: it is extremely easy to create non-compliant ZIP files.
The ZIP specification is very clear: The file names in the ZIP, in JDK they are called "entry names", _MUST_ use the forward slash, '/', as the folder separator and _MUST NOT_ start with the slash character. JDK allows backslash character to be used in the element name and allows the element name to start with the forward slash. Thus, the developer is provided with a massive footgun: it is extremely easy to create non-compliant ZIP files.