Closed Bug 167196 Opened 23 years ago Closed 23 years ago

wrong handling of <BASE HREF=...>

Categories

(Core :: DOM: HTML Parser, defect)

Product:
Core
Component:
DOM: HTML Parser
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 141537

People

(Reporter: ag, Unassigned)

Details

(Keywords: compat)

the handling of <BASE HREF=...> seems to be broken. on http://www.huk.de/schaden/haftung/ph_vn.jsp the two links "Verschluesselter Verbindungsaufbau" and "Unverschluesselter Verbindungsaufbau" dont work in Mozilla (and Netscape 4). They work in Internet Explorer, Opera and Konqueror. A cut-down version of the page source that triggers the bug is: <html><body> <a href='../frs_sc_meldung/index.jsp?secure=1&meldung=ph_vn_meldung.html&sub=haftung'>foo</a> <base href="http://www.huk.de/a_ressourcen/teaser/vm_gs/teaser_bild.jsp"> <base href="http://www.huk.de/schaden/haftung/ph_vn.jsp"> </body></html> The links should be http://www.huk-coburg.de/schaden/frs_sc_meldung/index.jsp?secure=0&meldung=ph_vn_meldung.html&sub=haftung and http://www.huk-coburg.de/schaden/frs_sc_meldung/index.jsp?secure=1&meldung=ph_vn_meldung.html&sub=haftung but Mozilla parses them into http://www.huk.de/a_ressourcen/teaser/frs_sc_meldung/index.jsp?secure=0&meldung=ph_vn_meldung.html&sub=haftung and http://www.huk.de/a_ressourcen/teaser/frs_sc_meldung/index.jsp?secure=1&meldung=ph_vn_meldung.html&sub=haftung getting confused by the <BASE HREF> that appears after the links. As far as i know, <BASE HREF> is not even allowed in the <BODY> part of a html-file, but "all the other browsers" seem to decide that a <BASE HREF> tag in the body of a html-file is valid for all references from the point in the source where the BASE is given. I think the right thing to do would be to either ignore <BASE HREF> in the BODY completely, or make it effective from its point in the source. but the behaviour of mozilla is quite contra-intuitive. this was tested on Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.1) Gecko/20020826
Wasn't there a bug where supporting <base href=""> in <body> turned out to create a possible security hole? This should probably be Evangelism, IMO, anyway.
Assignee: asa → new-network-bugs
Component: Browser-General → Networking
Keywords: compat
QA Contact: asa → benc
*** This bug has been marked as a duplicate of 141537 ***
Status: UNCONFIRMED → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE
Component: Networking → Parser
QA Contact: benc → moied
You need to log in before you can comment on or make changes to this bug.