Closed Bug 73597 Opened 24 years ago Closed 23 years ago

URL w/ IPv4 address as decimal + 2 @ signs.

Categories

(Core :: Networking, defect)

x86
Windows 2000
defect
Not set
normal

Tracking

()

VERIFIED DUPLICATE of bug 67730
mozilla1.0

People

(Reporter: Marko.Macek, Assigned: neeti)

References

()

Details

the "URL" can't be visited by mozilla ;) I'm not sure the URL is valid but it's handled fine by 4.76 and IE 5.5
Because of the patent problems, Mozilla has to filter out all zeros and ones. This should move to evangelism, to ask CNN to use URL's without zero's and ones in it.
This URL isn't just "tricky" its crazy. From what I can tell, this URL is routing to a downstream computer from centralhosting.net http://www.cnn.com@sci-tech@3520040376/new_010325/alert/breakingnews.html 3520040376 is the host (I didn't know you could just put in a number, but every browser I see goes to centralhosting.net sci-tech appears to be the user at centralhosting, with www.cnn.com being the user under sci-tech. Then /new_010325/alert/breakingnews.html is the directory on that server. The problem I have is that you don't even need the domains @ 3520040376. You can just go to centralhosting.net and get the document new_010325/alert/breakingnews.html I don't know what the format of a URL is supposed to be, but I can say that this will definately be a fringe case. On the plus side, mozilla does get to http://3520040376/ just fine. It also gets to sci-tech@3520040376 fine its the second (or first if you read from left to right) @ domain www.cnn.com that doesn't seem to work. Mozilla sends sci-tech@3520040376 as a search parameter. Well, hope this helps. Now off to read the URI spec to figure out how that number works.
That number is just he IP address in straight decimal instead of dotted notation. That being said, the URL provided does not load for me with Netscape 4.x on Linux. Mozilla on linux reports that the hostname "sci-tech@3520040376" could not be found.
Note: whether you can resolve this URL or not may depend on your proxy server. I get an error from our transparent web cache. Gerv
If I'm correct the normal format to pass a username and password: htt://username:password@server.com or username@server.com At least it works that way with FTP. Password can have a '@' sign in it , so Mozilla should probably scan for the last '@' when breaking up the URL into it's parts. Typing in the addres bar: http://username:pass@word@www.mozilla.org gives error 'word@www.mozilla.org could not be found' http://username:password@www.mozilla.org works as expected.
Target Milestone: --- → mozilla1.0
Where did this url appear?
I got the URL in some mail by a friend.
mass move, v2. qa to me.
QA Contact: tever → benc
'@' is not an allowed character in <userinfo> (RFC 2396; you have to escape it). Straight decimal IP addresses aren't valid either. Only question I have: Is this bug INVALID or Evangelism?
This URL may die if we ever fix bug 67730. The hostname resolution will die: <big number> is not a FQDN or an IPV4 address, so it should never attempt to connect. The host is a domain name of a network host, or its IPv4 address as a set of four decimal digit groups separated by ".". Literal IPv6 addresses are not supported. hostport = host [ ":" port ] host = hostname | IPv4address hostname = *( domainlabel "." ) toplabel [ "." ] domainlabel = alphanum | alphanum *( alphanum | "-" ) alphanum toplabel = alpha | alpha *( alphanum | "-" ) alphanum IPv4address = 1*digit "." 1*digit "." 1*digit "." 1*digit port = *digit http://www.cis.ohio-state.edu/cgi-bin/rfc/rfc2396.html
Summary: can't visit tricky url → URL w/ IPv4 address as decimal + 2 @ signs.
If the RFC says it's invalid, go ahead and mark it INVALID. I just wanted to know if this was allowed by too relaxed parsers in ns4 and ie. I hope bug 67730 gets fixed too...
If you create a URL w/ the IP address as a dotted quad, and it doesn't work, you should still push for analysis of the double "@" sign question in a new bug. *** This bug has been marked as a duplicate of 67730 ***
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE
+verifyme - looking for someone to second my motion for resolution...
Keywords: verifyme
I question whether this should be a duplicate, or whether it should be changed to be a bug about handling @ symbols in the URL. I understand that the symbol is forbidden, but couldn't mozilla try to correct for that? Also, it appears the page is now a 404.. oh well, it was funny. If someone can point out where it says we shouldn't allow @ symbols, I'll verify.
Here's my take: From reading RFC 1738: HTTP does not support this, it supports a narrower: http://<host>:<port>/<path>?<searchpart> So, everything between "http://" and the next "/" (since there is no ":port" in this case), is treated as a hostname. As such, "www.cnn.com@sci-tech@3520040376" as a hostname would also be invalid. ; HTTP httpurl = "http://" hostport [ "/" hpath [ "?" search ]] hpath = hsegment *[ "/" hsegment ] hsegment = *[ uchar | ";" | ":" | "@" | "&" | "=" ] search = *[ uchar | ";" | ":" | "@" | "&" | "=" ] In either case: "@" is reserved, it is not part the definitions of alpha or digits: reserved = ";" | "/" | "?" | ":" | "@" | "&" | "=" lowalpha = "a" | "b" | "c" | "d" | "e" | "f" | "g" | "h" | "i" | "j" | "k" | "l" | "m" | "n" | "o" | "p" | "q" | "r" | "s" | "t" | "u" | "v" | "w" | "x" | "y" | "z" hialpha = "A" | "B" | "C" | "D" | "E" | "F" | "G" | "H" | "I" | "J" | "K" | "L" | "M" | "N" | "O" | "P" | "Q" | "R" | "S" | "T" | "U" | "V" | "W" | "X" | "Y" | "Z" alpha = lowalpha | hialpha digit = "0" | "1" | "2" | "3" | "4" | "5" | "6" | "7" | "8" | "9" If it were part of the password, you could URL (hex) encode it: "If the character corresponding to an octet is reserved in a scheme, the octet must be encoded. "
Status: RESOLVED → VERIFIED
Keywords: verifyme
You need to log in before you can comment on or make changes to this bug.