Closed Bug 1272284 Opened 3 years ago Closed 3 years ago

C0 controls could appear in the middle of a URL

Categories

(Core :: DOM: Core & HTML, defect)


Tracking


RESOLVED FIXED
mozilla49
Tracking Status
firefox49 --- fixed

People

(Reporter: 446240525, Assigned: valentin)

References

(Blocks 1 open bug)

Details

(Whiteboard: [necko-active] btpp-active)

Attachments

(1 file)

> location.href="https://bugzilla.mozilla.org/?foo=\0&bar=\1"
Exception: "The URI is malformed"  // \1 should be stripped and \0 should be escaped to %00

and same for:

location.assign("http\0://fo\0o.b\0ar/pa\0th#ha\0sh")
location.search="?foo=\0&bar=\1"

etc...
Blocks: url
Assignee: nobody → valentin.gosu
Whiteboard: [necko-active]
Whiteboard: [necko-active] → [necko-active] btpp-active
Anne,
From what I can tell, C0 & space are still not allowed in the scheme and host.
As of now, we enforce that we encode all C0 characters & space (except \r\n\t which are stripped) in the path, query and hash, the other exception being \0 - which we can't allow at the moment, since some of our APIs still use C null-terminated strings.
Is this OK?
Flags: needinfo?(annevk)
I think the \0 behavior is broken (I believe most other user agents handle it fine), but the rest sounds like it matches the specification, yes.
Flags: needinfo?(annevk)
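
The policy described in the two comments above, as an added example that is not Gecko's code or part of the original thread: tab, CR and LF are stripped, C0 controls and space are rejected in scheme and host, and percent-encoded in path, query and hash. The names normalizeUrl, pctEncode and the allowNul option are hypothetical; allowNul=false models the NUL rejection described for the C-string APIs, allowNul=true models escaping \0 to %00.

```javascript
// Added illustration with hypothetical names; models the policy from the
// comments above, not the actual Gecko URL parser.
const STRIPPED = /[\t\n\r]/g;          // removed wherever they appear
const C0_OR_SPACE = /[\x00-\x20]/;     // C0 controls plus U+0020
const C0_OR_SPACE_G = /[\x00-\x20]/g;

function pctEncode(ch) {
  return '%' + ch.charCodeAt(0).toString(16).toUpperCase().padStart(2, '0');
}

// Splits "scheme://host/path?query#hash" by hand so control characters
// survive until the policy is applied to each component.
function normalizeUrl(input, { allowNul = false } = {}) {
  const s = input.replace(STRIPPED, '');
  const m = /^([^:\/?#]*):\/\/([^\/?#]*)([^?#]*)(\?[^#]*)?(#.*)?$/s.exec(s);
  if (!m) throw new TypeError('unsupported URL shape');
  const [, scheme, host, path, query = '', hash = ''] = m;

  // Scheme and host: any remaining C0 control or space is a hard failure.
  if (C0_OR_SPACE.test(scheme) || C0_OR_SPACE.test(host)) {
    throw new TypeError('C0 control or space in scheme/host');
  }

  // Path, query and hash: NUL is rejected unless the caller opts in,
  // everything else in the C0 + space range is percent-encoded.
  const tail = path + query + hash;
  if (!allowNul && tail.includes('\x00')) {
    throw new TypeError('NUL rejected in path/query/hash');
  }
  return `${scheme}://${host}${tail.replace(C0_OR_SPACE_G, pctEncode)}`;
}

// Constructed sample inputs, modelled on the strings in the report.
const samples = [
  'https://bugzilla.mozilla.org/?foo=\x00&bar=\x01',
  'http\x00://fo\x00o.b\x00ar/pa\x00th#ha\x00sh',
  'http://example.test/a\tb c?x=\x1f#h\r\n',
];
for (const u of samples) {
  try {
    console.log(JSON.stringify(u), '->', normalizeUrl(u, { allowNul: true }));
  } catch (e) {
    console.log(JSON.stringify(u), '-> rejected:', e.message);
  }
}
```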
Wasn't baku just fixing this kind of cases in some other bug? Or perhaps this is some different variant of it.
(In reply to Olli Pettay [:smaug] from comment #3)
> Wasn't baku just fixing this kind of cases in some other bug? Or perhaps
> this is some different variant of it.

Similar thing in form submission. See bug 1272298.
MozReview-Commit-ID: 1zGRjVmAWts
Attachment #8754425 - Flags: review?(mcmanus)
Attachment #8754425 - Flags: review?(mcmanus) → review+
https://hg.mozilla.org/mozilla-central/rev/f8cb3324570e
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla49
Component: DOM → DOM: Core & HTML