Closed Bug 1272284 Opened 5 years ago Closed 5 years ago
C0 controls could appear in the middle of a URL
> location.href="https://bugzilla.mozilla.org/?foo=\0&bar=\1" Exception: "The URI is malformed" // \1 should be stripped and \0 should be escaped to %00 and same for: location.assign("http\0://fo\0o.b\0ar/pa\0th#ha\0sh") location.search="?foo=\0&bar=\1" etc...
5 years ago
Assignee: nobody → valentin.gosu
Whiteboard: [necko-active] → [necko-active] btpp-active
Anne, From what I can tell, C0&space are still not allowed in the scheme and host. As of now, we enforce that we encode all C0 characters&space (except \r\n\t which are stripped) in the path, query and hash, the other exception being \0 - which we can't allow at the moment, since some of our API's still use C null-terminated strings. Is this OK?
I think the \0 behavior is broken (I believe most other user agents handle it fine), but the rest sounds like it matches the specification, yes.
Wasn't baku just fixing this kind of cases in some other bug? Or perhaps this is some different variant of it.
(In reply to Olli Pettay [:smaug] from comment #3) > Wasn't baku just fixing this kind of cases in some other bug? Or perhaps > this is some different variant of it. Similar thing in form submission. See bug 1272298.
Attachment #8754425 - Flags: review?(mcmanus)
Attachment #8754425 - Flags: review?(mcmanus) → review+
https://hg.mozilla.org/integration/mozilla-inbound/rev/f8cb3324570e9479124a7f5ef1cb4a23b6b1465f Bug 1272284 - Encode C0 controls in path, query and hash r=mcmanus
You need to log in before you can comment on or make changes to this bug.