percent-encoded port numbers are mis-parsed in URIs

RESOLVED FIXED

Status

Core
Networking
9 years ago
6 years ago

People

(Reporter: Bob Aman, Unassigned)

Tracking

Trunk
Firefox Tracking Flags

(status1.9.2 wontfix)

Details

(Whiteboard: [sg:low spoof], URL)

(Reporter)

Description

9 years ago
User-Agent:       Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4
Build Identifier: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4

If you try to navigate to http://google.com:%38%30/, Firefox will normalize and navigate to http://google.com:38/ instead, which is clearly wrong.

Reproducible: Always

Steps to Reproduce:
1. Navigate to http://google.com:%38%30/

Actual Results:  
Firefox tries to connect to port 38 on google.com.

Expected Results:  
Firefox should have tried to connect to port 80 on google.com.

Opera and IE both normalize to http://google.com/ which seems reasonable to me since "%38%30" unencodes to "80".  Safari gives a weird error message.
(Reporter)

Updated

9 years ago
Version: unspecified → 3.0 Branch
(Reporter)

Updated

9 years ago
OS: Mac OS X → All
Hardware: Macintosh → All
(Reporter)

Comment 1

9 years ago
From reading RFC 3986, it's pretty clear that percent encoding port numbers is not legitimate.  However, pulling out a numeric value from a percent encoded string is even less legitimate.

The way I see it, there are only two sensible approaches here.  You could take the purist approach and give an error message.  Or you could take the liberalist approach and unencode the port component before looking for a numeric value.
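
The two approaches named in Comment 1, as an added example that is not part of the original bug report and is not Mozilla's fix: a strict parser that rejects any percent sign in the port, and a lenient one that percent-decodes exactly once before applying the same digit check. The function names and the default-port table are assumptions made for this example.

```javascript
// Added example (hypothetical names): the two port-handling policies from Comment 1.
const DEFAULT_PORTS = { http: 80, https: 443 }; // subset, assumed for the example

// RFC 3986: port = *DIGIT. Returns a number, or null for an empty port.
function parseDigits(text) {
  if (text === "") return null;                 // "host:" means "use the default"
  if (!/^[0-9]+$/.test(text)) throw new Error("port is not all digits: " + text);
  const n = Number(text);
  if (n > 65535) throw new Error("port out of range: " + text);
  return n;
}

// Purist policy: a percent sign in the port is an error, never data.
function parsePortStrict(rawPort) {
  return parseDigits(rawPort);
}

// Liberal policy: percent-decode exactly once, then apply the same digit check.
function parsePortLenient(rawPort) {
  if (/%(?![0-9A-Fa-f]{2})/.test(rawPort)) throw new Error("malformed escape: " + rawPort);
  const decoded = rawPort.replace(/%([0-9A-Fa-f]{2})/g,
    (_, hex) => String.fromCharCode(parseInt(hex, 16)));
  return parseDigits(decoded);
}

// Rebuild scheme://host[:port]/, dropping a port equal to the scheme default.
function normalizeOrigin(scheme, host, rawPort, parsePort) {
  const port = parsePort(rawPort);
  const omit = port === null || port === DEFAULT_PORTS[scheme];
  return scheme + "://" + host + (omit ? "" : ":" + port) + "/";
}

// Demo helper: the normalized URL, or the string "rejected".
function tryNormalize(rawPort, parsePort) {
  try { return normalizeOrigin("http", "google.com", rawPort, parsePort); }
  catch (e) { return "rejected"; }
}

// Constructed inputs: the reported case, a plain port, a double-encoded port,
// an escape that decodes to a letter, and a truncated escape.
for (const raw of ["%38%30", "8080", "%2538", "%41", "38%"]) {
  console.log(raw, "| strict:", tryNormalize(raw, parsePortStrict),
              "| lenient:", tryNormalize(raw, parsePortLenient));
}
```

Under either policy the displayed and the connected port are derived from the same parsed value, so neither can produce the `google.com:38` result from the report.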

Comment 2

9 years ago
Dao: Something with how Firefox decodes URIs? Might be more than just Firefox though. If you hover over the URL link, it already shows google.com:38, so not just the location bar decoding logic.
(Reporter)

Comment 3

9 years ago
Yeah sorry, I knew it wasn't location bar specific, but I didn't see a better place to categorize the bug.
Component: Location Bar and Autocomplete → Networking
Product: Firefox → Core
QA Contact: location.bar → networking
Whiteboard: [sg:low spoof]
Version: 3.0 Branch → Trunk
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: Firefox tries to connect to a bogus port when port is percent encoded. → percent-encoded port numbers are mis-parsed in URIs
This is fixed on trunk, still a problem in 3.6.x. Realistically we're not going to backport this fix.
Status: NEW → RESOLVED
Last Resolved: 6 years ago
status1.9.2: --- → wontfix
Resolution: --- → FIXED