NUL bytes in <link> href are incorrectly replaced with replacement character (U+FFFD)
Categories
(Core :: DOM: HTML Parser, defect)
Tracking
()
People
(Reporter: justanotherarchivist, Unassigned)
Details
Attachments
(1 file)
282 bytes,
application/zstd
|
Details |
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:85.0) Gecko/20100101 Firefox/85.0
Steps to reproduce:
- Create index.html and style<U+FFFD>sheet.css (that's 'style' + 0xEFBFBD + 'sheet.css' with UTF-8) as in the attachment.
- Open index.html in Firefox
index.html and index2.html are variants of the same thing. The former contains an actual NUL byte; the latter uses a numeric character reference.
Actual results:
The NUL byte is replaced with a replacement character. Firefox loads the style<U+FFFD>sheet.css file, and the background turns red. In view-source, the link's href shows as '.../style%uFFFDsheet.css'.
Expected results:
Firefox should attempt and fail to load style<NUL>sheet.css, i.e. the background should stay the default colour, white.
Reporter | ||
Comment 1•4 years ago
|
||
To clarify and avoid confusion, the link's href shows as that in view-source on hover only. In the source itself, it's displayed correctly as either 'style<NUL>sheet.css' (with a U+0000 replacement box on my font) or 'style<sheet.css'.
Comment 2•4 years ago
|
||
This happens in all browsers, no? This is how the HTML parser operates. If you want to reference 0x00, use %00
.
Reporter | ||
Comment 3•4 years ago
|
||
I was misguided by HTML5.2's definition of <link>'s href as a USVString [0] as well as the misbehaviour of another parser. But you're right, NULs in attribute values both literally [1] and by numeric reference [2] cause a parse error and are replaced by U+FFFD.
Sorry for the noise.
[0] https://www.w3.org/TR/2017/REC-html52-20171214/document-metadata.html#the-link-element
[1] https://www.w3.org/TR/2017/REC-html52-20171214/syntax.html#attribute-value-double-quoted-state
[2] https://www.w3.org/TR/2017/REC-html52-20171214/syntax.html#tokenizer-numeric-character-reference-end-state
Description
•