failure to parse quoted-string parameters in "data:" URIs

NEW
Unassigned

Status

()

P5
normal
7 years ago
a year ago

People

(Reporter: julian.reschke, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [necko-would-take], URL)

(Reporter)

Description

7 years ago
Example:

  data:image/svg+xml;foo=%22bar,bar%22,....

This is a data URI with a media type of

  image/svg+xml;foo="bar,bar"

Note the comma is part of the parameter "foo", not the delimiter for the payload.

Test case at:

  <http://greenbytes.de/tech/tc/datauri/#ext-simple-qs>
(Reporter)

Comment 1

7 years ago
The problem is caused by nsDataHandler::ParseURI not actually parsing the URI, but trying to separate media type, base64 flag and payload by simple character lookups.
AFAIU the combination of the data URI RFC <http://tools.ietf.org/html/rfc2397> and the generic URI RFC referenced from there <http://tools.ietf.org/html/rfc2396>, the "," inside the parameter would need to be escaped as well:

  data:image/svg+xml;foo=%22bar%2Cbar%22,....
Whiteboard: [necko-would-take]
You need to log in before you can comment on or make changes to this bug.