Closed Bug 1695461 Opened 4 years ago Closed 4 years ago

NUL bytes in <link> href are incorrectly replaced with replacement character (U+FFFD)

Categories

(Core :: DOM: HTML Parser, defect)

Firefox 85
defect

Tracking

()

RESOLVED INVALID

People

(Reporter: justanotherarchivist, Unassigned)

Details

Attachments

(1 file)

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:85.0) Gecko/20100101 Firefox/85.0

Steps to reproduce:

  1. Create index.html and style<U+FFFD>sheet.css (that's 'style' + 0xEFBFBD + 'sheet.css' with UTF-8) as in the attachment.
  2. Open index.html in Firefox

index.html and index2.html are variants of the same thing. The former contains an actual NUL byte; the latter uses a numeric character reference.

Actual results:

The NUL byte is replaced with a replacement character. Firefox loads the style<U+FFFD>sheet.css file, and the background turns red. In view-source, the link's href shows as '.../style%uFFFDsheet.css'.

Expected results:

Firefox should attempt and fail to load style<NUL>sheet.css, i.e. the background should stay the default colour, white.

To clarify and avoid confusion, the link's href shows as that in view-source on hover only. In the source itself, it's displayed correctly as either 'style<NUL>sheet.css' (with a U+0000 replacement box on my font) or 'style<sheet.css'.

This happens in all browsers, no? This is how the HTML parser operates. If you want to reference 0x00, use %00.

Flags: needinfo?(justanotherarchivist)

I was misguided by HTML5.2's definition of <link>'s href as a USVString [0] as well as the misbehaviour of another parser. But you're right, NULs in attribute values both literally [1] and by numeric reference [2] cause a parse error and are replaced by U+FFFD.

Sorry for the noise.

[0] https://www.w3.org/TR/2017/REC-html52-20171214/document-metadata.html#the-link-element
[1] https://www.w3.org/TR/2017/REC-html52-20171214/syntax.html#attribute-value-double-quoted-state
[2] https://www.w3.org/TR/2017/REC-html52-20171214/syntax.html#tokenizer-numeric-character-reference-end-state

Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Flags: needinfo?(justanotherarchivist)
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: