Mishandling of percent-encoded paths #1666

@damooo

Currently

  1. NSS raises an internal server error if the slug of a non-container resource ends with "%2F", which is also the pct-encoded alias of "/". Thus we cannot PUT a resource with a URI like http://example.org/pod1/c1/c2/t1%2f with any content-type other than txt/html; NSS will raise an internal server error. Even with txt/html, it creates the container t1/ instead of the non-container resource t1%2F.
  2. When the slug contains %2F in the middle, like t1%2Faa.txt, the server sends a success status on the PUT request, correctly returns the location as t1%2Faa.txt under its parent container, and also sends the correct ACL location. But in actuality it instead creates a t1/aa.txt resource, along with a t1/ container.

The problem seems to be that, when translating the url-path to an fs-path, it pct-decodes the entire path instead of splitting it into path segments, decoding them safely, and combining them back. This violates the URI standard too.

ESS sends 403 instead of 500, for all above cases, even though there is no spec violation.

CSS also seems to have an issue.
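
The two mappings contrasted in the issue, as an added example (not code from NSS, ESS or CSS): a whole-path decode next to a split-then-decode mapping. The names `ROOT`, `naiveFsPath`, `segmentToFileName` and `safeFsPath` are hypothetical, and keeping `/`, `\`, `%` and NUL percent-encoded in the on-disk file name is one assumed storage convention, not the project's.

```javascript
// Constructed sample root; not the real data directory of any Solid server.
const ROOT = '/srv/pods';

// Flawed mapping described in the issue: decode the whole URL path at once.
// "%2F" becomes "/" and silently adds a directory level.
function naiveFsPath(urlPath) {
  return ROOT + decodeURIComponent(urlPath);
}

// Decode a single segment. Characters that are structural on the filesystem
// stay percent-encoded in the file name; "%" is escaped as well so that
// "a%2F" and "a%252F" map to different files and the mapping is reversible.
function segmentToFileName(rawSegment) {
  const decoded = decodeURIComponent(rawSegment); // URIError on malformed escapes
  if (decoded === '.' || decoded === '..') {
    // Encoded dot segments (%2e%2e) must not become path traversal.
    throw new Error('dot segment not allowed: ' + rawSegment);
  }
  return decoded.replace(/[%\/\\\0]/g, (c) => encodeURIComponent(c));
}

// Split on the literal "/" first, then decode each segment on its own.
// Only a literal trailing "/" marks a container; "%2F" never does.
function safeFsPath(urlPath) {
  const isContainer = urlPath.endsWith('/');
  const names = urlPath
    .split('/')
    .filter((s) => s !== '')
    .map(segmentToFileName);
  const fsPath = [ROOT, ...names].join('/');
  return isContainer ? fsPath + '/' : fsPath;
}

// The two cases from the issue, with constructed pod paths.
for (const p of ['/pod1/c1/c2/t1%2f', '/pod1/c1/t1%2Faa.txt']) {
  console.log(p, '| naive:', naiveFsPath(p), '| safe:', safeFsPath(p));
}
```
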
