Javascript doesn't pass URL's with a pound sign in it when calling window.open()

RESOLVED INVALID

Status

()

Core
DOM: Core & HTML
RESOLVED INVALID
15 years ago
15 years ago

People

(Reporter: Rob Crittenden, Assigned: rogerl (gone))

Tracking

Trunk
x86
Linux
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

15 years ago
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624 Netscape/7.1
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624 Netscape/7.1

If one defines a javascript function that calls window.open() and the URL passed
to it contains a pound sign then everything from the pound-sign on is dropped
from the URL.

The function I'm using is:

function pop_up(url) {
    popup = window.open(url, 'win', 'scrollbars=1,resizable=1,width=475,height=300')
}

This is called via:
a href=javascript:pop_up("/cgi-bin/pound.pl?pound=This%20is%20a%20%23&second=foo")



Reproducible: Always

Steps to Reproduce:
1. http://www.greyoak.com/pound.html demonstrates this problem.


Actual Results:  
The first 2 links contain a pound sign, one is escaped, one is not. Neither
appears in the pop-up and the second variable in the query string is lost
altogether.

The 3rd link does not contain a pound in the pop-up and it works fine.

The last link does not use the javascript. It is a regular link with an encoded
pound sign and it works fine.


Expected Results:  
The expected output is:

Received 'This is a #'.

Got 'foo' as the second variable.

Tested on Linux (RH 7.2) with Mozilla 1.3.1, Mozilla 1.4 and Netscape 7.1.

Comment 1

15 years ago
don't forget to encode &second=foo as &second=foo in the URL's, though
that's not related to this bug :)

*** This bug has been marked as a duplicate of 206538 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 15 years ago
Component: JavaScript Engine → DOM Level 0
QA Contact: pschwartau → ashishbhatt
Resolution: --- → DUPLICATE
Reopening.  This bug is different from the stated claim in bug 206538.

What's happening here is that we do, eg:

a href=javascript:pop_up("/cgi-bin/pound.pl?pound=This%20is%20a%20%23&second=foo")

Now javascript: urls are urls, so the string that's passed to pop_up has the
%-escapes replaced with the actual chars.  Thus we call:

pop_up("/cgi/bin/pound.pl?pound=This is a #&second=foo")

Which then calls window.open on that string... which includes a literal '#',
which is treated as an anchor reference.
Status: RESOLVED → UNCONFIRMED
Resolution: DUPLICATE → ---
The behavior I'm seeing here is correct....  You have to encode the '%' signs to
make them safe to use in a javascript: url.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 15 years ago15 years ago
Resolution: --- → INVALID
(Reporter)

Comment 4

15 years ago
Well, that works fine for Mozilla 1.3/4 and Netscape 7.1 but it breaks Navigator
4.8.

I also tested IE 5.5 and it works as Mozilla does so I guess I'll use %2523
instead of # and work around it in Navigator 4.x.
Yep, NS4 is broken like that.... If you care, recent versions of Opera also do
what Mozilla and IE do.
You need to log in before you can comment on or make changes to this bug.