Closed Bug 504310 Opened 15 years ago Closed 14 years ago

Firefox does not escape curly braces in query part of URIs typed into the address bar, gives invalid URIs

Categories

(Firefox :: Toolbars and Customization, defect)

Product:
Firefox
Component:
Toolbars and Customization
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 479145

People

(Reporter: mail, Unassigned)

References

(
URL
)

Details

User-Agent:       Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_7; de-de) AppleWebKit/530.19.2 (KHTML, like Gecko) Version/4.0.2 Safari/530.19
Build Identifier: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; de; rv:1.9.1) Gecko/20090624 Firefox/3.5

If I directly type a URI into the address bar that contains disallowed URI characters, Firefox will usually escape them for me. However if I enter an address like this:
  http://www.example.com/?x={}

The curly braces are not escaped. Both RFC2936 and RFC3986 disallow these characters in URIs. This can lead to interoperability issues with server side software that correctly parses URIs.

Most surprisingly, if I do the same using an HTML form and GET, the curly brace gets escaped properly.

Reproducible: Always

Steps to Reproduce:
1. type the URI http://www.example.com into the address bar, press enter
2. observer that the URI sent to the server includes verbatim {, not %7B

Actual Results:  
GET /?x={}

Expected Results:  
GET /?x=%7B%7C
Note that there are several other ASCII characters that are not allowed in URIs, they might deserve checking as well. For example Firefox does not escape the literal '/' character. While that one is allowed in the newer RFC 3986, it is disallowed in HTTP as that spec uses RFC 2936.
Duplicate of bug 479145?
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.