Closed
Bug 1272284
Opened 8 years ago
Closed 8 years ago
C0 controls could appear in the middle of a URL
Categories
(Core :: DOM: Core & HTML, defect)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
FIXED
mozilla49
Tracking | Status | |
---|---|---|
firefox49 | --- | fixed |
People
(Reporter: 446240525, Assigned: valentin)
References
(Blocks 1 open bug)
Details
(Whiteboard: [necko-active] btpp-active)
Attachments
(1 file)
6.46 KB,
patch
|
mcmanus
:
review+
|
Details | Diff | Splinter Review |
> location.href="https://bugzilla.mozilla.org/?foo=\0&bar=\1"
Exception: "The URI is malformed" // \1 should be stripped and \0 should be escaped to %00
and same for:
location.assign("http\0://fo\0o.b\0ar/pa\0th#ha\0sh")
location.search="?foo=\0&bar=\1"
etc...
Assignee | ||
Updated•8 years ago
|
Assignee: nobody → valentin.gosu
Whiteboard: [necko-active]
Updated•8 years ago
|
Whiteboard: [necko-active] → [necko-active] btpp-active
Assignee | ||
Comment 1•8 years ago
|
||
Anne, From what I can tell, C0&space are still not allowed in the scheme and host. As of now, we enforce that we encode all C0 characters&space (except \r\n\t which are stripped) in the path, query and hash, the other exception being \0 - which we can't allow at the moment, since some of our API's still use C null-terminated strings. Is this OK?
Flags: needinfo?(annevk)
Comment 2•8 years ago
|
||
I think the \0 behavior is broken (I believe most other user agents handle it fine), but the rest sounds like it matches the specification, yes.
Flags: needinfo?(annevk)
Comment 3•8 years ago
|
||
Wasn't baku just fixing this kind of cases in some other bug? Or perhaps this is some different variant of it.
Comment 4•8 years ago
|
||
(In reply to Olli Pettay [:smaug] from comment #3) > Wasn't baku just fixing this kind of cases in some other bug? Or perhaps > this is some different variant of it. Similar thing in form submission. See bug 1272298.
Assignee | ||
Comment 5•8 years ago
|
||
MozReview-Commit-ID: 1zGRjVmAWts
Attachment #8754425 -
Flags: review?(mcmanus)
Updated•8 years ago
|
Attachment #8754425 -
Flags: review?(mcmanus) → review+
Assignee | ||
Comment 6•8 years ago
|
||
https://treeherder.mozilla.org/#/jobs?repo=try&revision=16e7bf389122
Assignee | ||
Comment 7•8 years ago
|
||
https://treeherder.mozilla.org/#/jobs?repo=try&revision=8605964f7ee0
Assignee | ||
Comment 8•8 years ago
|
||
https://treeherder.mozilla.org/#/jobs?repo=try&revision=04c3eaf9bcea
Assignee | ||
Comment 9•8 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/f8cb3324570e9479124a7f5ef1cb4a23b6b1465f Bug 1272284 - Encode C0 controls in path, query and hash r=mcmanus
Comment 10•8 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/f8cb3324570e
Status: NEW → RESOLVED
Closed: 8 years ago
status-firefox49:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla49
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•