Closed
Bug 1272284
Opened 9 years ago
Closed 9 years ago
C0 controls could appear in the middle of a URL
Categories
(Core :: DOM: Core & HTML, defect)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
FIXED
mozilla49
Tracking | Status | |
---|---|---|
firefox49 | --- | fixed |
People
(Reporter: 446240525, Assigned: valentin)
References
(Blocks 1 open bug)
Details
(Whiteboard: [necko-active] btpp-active)
Attachments
(1 file)
6.46 KB,
patch
|
mcmanus
:
review+
|
Details | Diff | Splinter Review |
> location.href="https://bugzilla.mozilla.org/?foo=\0&bar=\1"
Exception: "The URI is malformed" // \1 should be stripped and \0 should be escaped to %00
and same for:
location.assign("http\0://fo\0o.b\0ar/pa\0th#ha\0sh")
location.search="?foo=\0&bar=\1"
etc...
Assignee | ||
Updated•9 years ago
|
Assignee: nobody → valentin.gosu
Whiteboard: [necko-active]
Updated•9 years ago
|
Whiteboard: [necko-active] → [necko-active] btpp-active
Assignee | ||
Comment 1•9 years ago
|
||
Anne,
From what I can tell, C0&space are still not allowed in the scheme and host.
As of now, we enforce that we encode all C0 characters&space (except \r\n\t which are stripped) in the path, query and hash, the other exception being \0 - which we can't allow at the moment, since some of our API's still use C null-terminated strings.
Is this OK?
Flags: needinfo?(annevk)
Comment 2•9 years ago
|
||
I think the \0 behavior is broken (I believe most other user agents handle it fine), but the rest sounds like it matches the specification, yes.
Flags: needinfo?(annevk)
Comment 3•9 years ago
|
||
Wasn't baku just fixing this kind of cases in some other bug? Or perhaps this is some different variant of it.
Comment 4•9 years ago
|
||
(In reply to Olli Pettay [:smaug] from comment #3)
> Wasn't baku just fixing this kind of cases in some other bug? Or perhaps
> this is some different variant of it.
Similar thing in form submission. See bug 1272298.
Assignee | ||
Comment 5•9 years ago
|
||
MozReview-Commit-ID: 1zGRjVmAWts
Attachment #8754425 -
Flags: review?(mcmanus)
Updated•9 years ago
|
Attachment #8754425 -
Flags: review?(mcmanus) → review+
Assignee | ||
Comment 6•9 years ago
|
||
Assignee | ||
Comment 7•9 years ago
|
||
Assignee | ||
Comment 8•9 years ago
|
||
Assignee | ||
Comment 9•9 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/f8cb3324570e9479124a7f5ef1cb4a23b6b1465f
Bug 1272284 - Encode C0 controls in path, query and hash r=mcmanus
Comment 10•9 years ago
|
||
bugherder |
Status: NEW → RESOLVED
Closed: 9 years ago
status-firefox49:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla49
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•