Closed Bug 283538 Opened 20 years ago Closed 20 years ago

ampersands in HTTP header must be '&' not '&amp'

Categories

(Core :: Networking: HTTP, defect)

Product:
Core
Component:
Networking: HTTP
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: rn214, Assigned: darin.moz)

References

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041009 Firefox/1.0
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041009 Firefox/1.0

I'm not certain whether this is a bug per se, but it is certainly strange
behaviour. 

When one writes a normal link, it should be written thus:
<a href="http://www.example.com/index.php?foo=bar&amp;baz=wombat">right</a>
although firefox will usually forgive the incorrect link:
href="http://www.example.com/index.php?foo=bar&baz=wombat">wrong</a>


But doing the same with an HTTP header redirect, results in failure: Firefox
does not interpret the character entity. 
Eg the following php snippet should result in a firefox redirecting to this URL: 
http://www.example.com/index.php?foo=bar&baz=wombat

<?
$redirect_location='http://www.example.com/index.php?foo=bar&amp;baz=wombat';
header("Location: $redirect_location");
?>

But it doesn't. The &amp; is not evaluated, and we end up at the URL:
http://www.example.com/index.php?foo=bar&amp;baz=wombat
which means that the server cannot set the value of baz.

Thus, in normal links, one *must* use '&amp;' , whereas in HTTP header
redirects, one must *not* use '&amp;'.

Reproducible: Always

Steps to Reproduce:
This behaviour also occurs in Mozilla and Konqueror. The w3c validator validates
both types of HTTP header.


Expected Results:  
Perhaps Firefox should accept either type of encoding (&amp; or &) in an HTTP
header?

Sorry if this is not a bug at all. The behaviour is strange, and inconsistent,
and has caused problems with my own website. However, I may be completely in
error, in which case, I apologise for wasting your time.
Assignee: firefox → darin
Component: General → Networking: HTTP
Product: Firefox → Core
QA Contact: general → networking.http
Version: unspecified → Trunk
This is not a bug - in that HTTP is not HTML, and the '&' character in an HTTP
header is perfectly valid, without denoting a character entity.

However, it might nevertheless be worth interpreting '&amp;' on the princple of
"do as I mean, not as I say". 
>Perhaps Firefox should accept either type of encoding (&amp; or &) in an HTTP
>header?

we won't start to parse HTTP headers as HTML. this is not a bug.
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → INVALID
V/invalid.
QA Contact: networking.http → benc
*** Bug 348585 has been marked as a duplicate of this bug. ***
You need to log in before you can comment on or make changes to this bug.