johnnydecimal / index-spec

A 'formal' specification for the index file. And any other data structures.
MIT License

Title Sanitization #2

Open donovanglover opened 10 months ago

donovanglover commented 10 months ago

Should there be something in the spec mentioning how items must be valid filenames? Would prevent users from being able to create Areas/Categories/IDs that can't be created on the filesystem and stop directory traversal attacks based on how paths are implemented.

johnnydecimal commented 10 months ago

A great observation, but the solution can't be to restrict titles: you need to be able to call your thing whatever you want, whether it includes /, :, or whatever else.

Perhaps we just note in the spec that this is an issue to be considered. And that the implementor of any application needs to work around it.

Perhaps with an official list of substitutions so at least they're consistent?
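One way an implementation could act on this, as an added example that is not part of the index-spec project or either commenter's code: keep the title untouched in the index, derive the on-disk name through a fixed substitution table (the table below is a hypothetical one, not an official list), and verify that the joined path cannot leave the root. Python is assumed.

```python
import re
import unicodedata
from pathlib import Path

# Hypothetical substitution table (an assumption, not the spec's official list):
# characters that are path separators or otherwise invalid on common filesystems,
# each mapped to a look-alike that no filesystem treats specially.
SUBSTITUTIONS = {
    "/": "\u2215",   # DIVISION SLASH
    "\\": "\uff3c",  # FULLWIDTH REVERSE SOLIDUS
    ":": "\ua789",   # MODIFIER LETTER COLON
    "*": "\u2217",   # ASTERISK OPERATOR
    "?": "\uff1f",   # FULLWIDTH QUESTION MARK
    '"': "\uff02",   # FULLWIDTH QUOTATION MARK
    "<": "\u2039",   # SINGLE LEFT-POINTING ANGLE QUOTATION MARK
    ">": "\u203a",   # SINGLE RIGHT-POINTING ANGLE QUOTATION MARK
    "|": "\u2502",   # BOX DRAWINGS LIGHT VERTICAL
}

# Device names Windows refuses as filenames regardless of extension.
RESERVED = {"CON", "PRN", "AUX", "NUL",
            *(f"COM{i}" for i in range(1, 10)), *(f"LPT{i}" for i in range(1, 10))}


def title_to_filename(title: str, max_len: int = 120) -> str:
    """Map an arbitrary title to a name that is valid on Linux, macOS and Windows."""
    name = unicodedata.normalize("NFC", title)
    name = "".join(SUBSTITUTIONS.get(c, c) for c in name)
    name = "".join(c for c in name if unicodedata.category(c) != "Cc")  # drop control chars
    name = re.sub(r"\s+", " ", name).strip().rstrip(". ")  # Windows rejects trailing dots/spaces
    # "." and ".." have been reduced to "" by the strip above; prefix them and reserved names.
    if not name or name.split(".")[0].upper() in RESERVED:
        name = "_" + name
    return name[:max_len]


def safe_path(root: str, *titles: str) -> Path:
    """Join sanitized titles under root and refuse any result that escapes it."""
    root_p = Path(root).resolve()
    target = root_p.joinpath(*(title_to_filename(t) for t in titles)).resolve()
    if target != root_p and root_p not in target.parents:
        raise ValueError(f"path escapes root: {target}")
    return target
```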