Closed Bug 1272284 Opened 9 years ago Closed 9 years ago

C0 controls could appear in the middle of a URL

Categories

(Core :: DOM: Core & HTML, defect)

defect
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla49
Tracking Status
firefox49 --- fixed

People

(Reporter: 446240525, Assigned: valentin)

References

(Blocks 1 open bug)

Details

(Whiteboard: [necko-active] btpp-active)

Attachments

(1 file)

> location.href="https://bugzilla.mozilla.org/?foo=\0&bar=\1" Exception: "The URI is malformed" // \1 should be stripped and \0 should be escaped to %00 and same for: location.assign("http\0://fo\0o.b\0ar/pa\0th#ha\0sh") location.search="?foo=\0&bar=\1" etc...
Blocks: url
Assignee: nobody → valentin.gosu
Whiteboard: [necko-active]
Whiteboard: [necko-active] → [necko-active] btpp-active
Anne, From what I can tell, C0&space are still not allowed in the scheme and host. As of now, we enforce that we encode all C0 characters&space (except \r\n\t which are stripped) in the path, query and hash, the other exception being \0 - which we can't allow at the moment, since some of our API's still use C null-terminated strings. Is this OK?
Flags: needinfo?(annevk)
I think the \0 behavior is broken (I believe most other user agents handle it fine), but the rest sounds like it matches the specification, yes.
Flags: needinfo?(annevk)
Wasn't baku just fixing this kind of cases in some other bug? Or perhaps this is some different variant of it.
(In reply to Olli Pettay [:smaug] from comment #3) > Wasn't baku just fixing this kind of cases in some other bug? Or perhaps > this is some different variant of it. Similar thing in form submission. See bug 1272298.
MozReview-Commit-ID: 1zGRjVmAWts
Attachment #8754425 - Flags: review?(mcmanus)
Attachment #8754425 - Flags: review?(mcmanus) → review+
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla49
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: