Closed Bug 467563 Opened 12 years ago Closed 9 years ago

percent-encoded port numbers are mis-parsed in URIs


(Core :: Networking, defect)

Not set



Tracking Status
status1.9.2 --- wontfix


(Reporter: bob, Unassigned)




(Whiteboard: [sg:low spoof])

User-Agent:       Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv: Gecko/2008102920 Firefox/3.0.4
Build Identifier: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv: Gecko/2008102920 Firefox/3.0.4

If you try to navigate to, Firefox will normalize and navigate to instead, which is clearly wrong.

Reproducible: Always

Steps to Reproduce:
1. Navigate to

Actual Results:  
Firefox tries to connect to port 38 on

Expected Results:  
Firefox should have tried to connect to port 80 on

Opera and IE both normalize to which seems reasonable to me since "%38%30" unencodes to "80".  Safari gives a weird error message.
Version: unspecified → 3.0 Branch
OS: Mac OS X → All
Hardware: Macintosh → All
From reading RFC 3986, it's pretty clear that percent encoding port numbers is not legitimate.  However, pulling out a numeric valid from a percent encoded string is even less legitimate.

The way I see it, there's only two sensible approaches here.  You could take the purist approach and give an error message.  Or you could take the liberalist approach and unencode the port component before looking for a numeric value.
Dao: Something with how firefox decodes uris? Might be more than just firefox though.. If you hover over the URL link, it already shows, so not just the location bar decoding logic..
Yeah sorry, I knew it wasn't location bar specific, but I didn't see a better place to categorize the bug.
Component: Location Bar and Autocomplete → Networking
Product: Firefox → Core
QA Contact: → networking
Whiteboard: [sg:low spoof]
Version: 3.0 Branch → Trunk
Ever confirmed: true
Summary: Firefox tries to connect to a bogus port when port is percent encoded. → percent-encoded port numbers are mis-parsed in URIs
This is fixed on trunk, still a problem in 3.6.x. Realistically we're not going to backport this fix.
Closed: 9 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.