failure to parse quoted-string parameters in "data:" URIs

NEW
Unassigned

Status


Core
Networking
P5
normal
6 years ago
5 months ago

People

(Reporter: Julian Reschke, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [necko-would-take], URL)

(Reporter)

Description

6 years ago
Example:

  data:image/svg+xml;foo=%22bar,bar%22,....

This is a data URI with a media type of

  image/svg+xml;foo="bar,bar"

Note the comma is part of the parameter "foo", not the delimiter for the payload.

Test case at:

  <http://greenbytes.de/tech/tc/datauri/#ext-simple-qs>
(Reporter)

Comment 1

6 years ago
The problem is caused by nsDataHandler::ParseURI not actually parsing the URI, but trying to separate media type, base64 flag and payload by simple character lookups.
AFAIU the combination of the data URI RFC <http://tools.ietf.org/html/rfc2397> and the generic URI RFC referenced from there <http://tools.ietf.org/html/rfc2396>, the "," inside the parameter would need to be escaped as well:

  data:image/svg+xml;foo=%22bar%2Cbar%22,....
Whiteboard: [necko-would-take]
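
The two URI forms quoted in this bug, run through a first-comma split (the character-lookup approach Comment 1 describes) and through a split that tracks quoted-string state. This is an added example, not Gecko's nsDataHandler::ParseURI code and not part of the original comments. The function names are hypothetical, only the media type/payload split is modelled, and the scheme is matched case-sensitively for brevity.

```cpp
#include <cctype>
#include <cstdlib>
#include <string>
#include <utility>

using Split = std::pair<std::string, std::string>;  // {media type, raw payload}

// True when s[i..i+2] is a well-formed %XX escape.
static bool is_escape(const std::string& s, size_t i) {
    return s[i] == '%' && i + 2 < s.size() &&
           std::isxdigit((unsigned char)s[i + 1]) && std::isxdigit((unsigned char)s[i + 2]);
}

// Percent-decode; malformed escapes are copied through unchanged.
static std::string pct_decode(const std::string& s) {
    std::string out;
    for (size_t i = 0; i < s.size(); ++i) {
        if (!is_escape(s, i)) { out += s[i]; continue; }
        out += (char)std::strtol(s.substr(i + 1, 2).c_str(), nullptr, 16);
        i += 2;
    }
    return out;
}

// Character-lookup split: the first literal "," ends the media type.
Split split_first_comma(const std::string& uri) {
    size_t comma = uri.find(',');
    if (uri.compare(0, 5, "data:") != 0 || comma == std::string::npos) return {"", ""};
    return {pct_decode(uri.substr(5, comma - 5)), uri.substr(comma + 1)};
}

// Quote-aware split: a "," inside a quoted-string parameter value
// (quotes arrive as %22, backslash escapes as %5C) is not the delimiter.
Split split_quote_aware(const std::string& uri) {
    if (uri.compare(0, 5, "data:") != 0) return {"", ""};
    bool in_quotes = false, escaped = false;
    for (size_t i = 5; i < uri.size(); ++i) {
        bool enc = is_escape(uri, i);
        char c = enc ? pct_decode(uri.substr(i, 3))[0] : uri[i];
        if (escaped) escaped = false;
        else if (in_quotes && c == '\\') escaped = true;
        else if (c == '"') in_quotes = !in_quotes;
        else if (!enc && c == ',' && !in_quotes)
            return {pct_decode(uri.substr(5, i - 5)), uri.substr(i + 1)};
        if (enc) i += 2;
    }
    return {"", ""};  // no delimiter, or unterminated quoted-string
}
```

On the form from the description the two functions disagree about where the media type ends; on the `%2C` form from the later comment they return the same media type and payload.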