URL Encoding of script tag src attribute

It appears that numerous Nuxeo xhtml files have script tags with a src attribute url that is not encoded. For example, see line 24 in nuxeo-user-activity-stream/src/main/resources/web/nuxeo.war/incl/includes.xhtml:

<script type="text/javascript" src="#{baseURL}js/?scripts=confirmAlerts.js|DragAndDrop.js|tableSelections.js|customSeamRemotingWaiter.js|custom-javascript.js|default-contextmenu-actions.js|custom-contextmenu-actions.js|tooltip.js"></script>

The url includes the vertical pipe/bar character '|' which is “unsafe” and should be encoded as %7C. Should I open a bug for this issue across the platform?


0 votes

1 answers



I consider this a RFC 1738 compliancy bug and opened JIRA issue https://jira.nuxeo.com/browse/NXP-8916 which has since been resolved.

1 votes

You right this not really clean to let that. But the RFC is not really clear in this subject as this explained here:


Anyway, thank you for your feedback and don't hesitate to copy the JIRA url here.


Can you copy the JIRA ticket here. I see that you pull request a fix about that, right ?