Closed Bug 227625 Opened 21 years ago Closed 21 years ago

Ampersand in text form field is not escaped in URL

Categories

(Firefox :: General, defect)

x86
Windows XP
defect
Not set
normal

Tracking

()

RESOLVED INVALID

People

(Reporter: kannan, Assigned: bugzilla)

References

()

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6b) Gecko/20031203 Firebird/0.7+ Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6b) Gecko/20031203 Firebird/0.7+ On the Yahoo! Finance "Enter Symbol(s)" form, if you enter a string that has both an ampersand and at least one space character, the URL generated when you submit includes your ampersand as is (instead of "%26"). Reproducible: Always Steps to Reproduce: 1. Go to http://finance.yahoo.com/ 2. Type in "s&p 500" into the "Enter Symbol(s)" box. 3. Press "GO" Actual Results: I get a search result for the symbol "s" because the unescaped ampersand split the parameter up. URL: http://finance.yahoo.com/q/cq?s=s&p+500&d=v1 Expected Results: The ampersand should have been escaped. The URL should have looked like this (I think): http://finance.yahoo.com/q?s=s%26p+500&d=v1 I've only seen this problem on the one form that I named in the "Steps to Reproduce" section. Also, it only happens if there are spaces in the field. A search for "s&p500" works fine. The page did have some JavaScript but it didn't look like it messed around with the URL.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6a) Gecko/20031027 Firebird/0.7+ I don't believe this is a problem with firebird. S&P 500 is not a valid item to enter in the text box so yahoo returns the most likely match. All stock and index symbols do not contain any spaces. For example if you want the S&P 500 ^GSPC must be entered into the search box not "s&p500" or "S&P 500". IE displays the same behavior which leads me to believe that this has to do with the yahoo finance lookup engine and not a problem with firebird.
I just installed the "Live HTTP Headers" extension and looked at the request. It looks like Firebird is sending out the correct location but, for some reason, Yahoo sends a bad "Location" header.
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.