Open Bug 746550 Opened 13 years ago Updated 3 years ago

failure to parse quoted-string parameters in "data:" URIs

Tracking

()

Status:

NEW

People

(Reporter: julian.reschke, Unassigned)

References

(
URL
)

Details

(Whiteboard: [necko-would-take])

Julian Reschke

Reporter

Description

•

13 years ago

Example: data:image/svg+xml;foo=%22bar,bar%22,.... This is a data URI with a media type of image/svg+xml;foo="bar,bar" Note the comma is part of the parameter "foo", not the delimiter for the payload. Test case at: <http://greenbytes.de/tech/tc/datauri/#ext-simple-qs>

Julian Reschke

Reporter

Comment 1

•

13 years ago

The problem is caused by nsDataHandler::ParseURI not actually parsing the URI, but trying to separate media type, base64 flag and payload by simple character lookups.

Alexander Klimetschek

Comment 2

•

12 years ago

AFAIU the combination of the data URI RFC <http://tools.ietf.org/html/rfc2397> and the generic URI RFC referenced from there <http://tools.ietf.org/html/rfc2396>, the "," inside the parameter would need to be escaped as well: data:image/svg+xml;foo=%22bar%2Cbar%22,....

Patrick McManus [:mcmanus]

Updated

•

9 years ago

Whiteboard: [necko-would-take]

Firefox Bug Husbandry Bot

Comment 3

•

8 years ago

Bulk change to priority: https://bugzilla.mozilla.org/show_bug.cgi?id=1399258

Priority: -- → P5

BMO Automation

Updated

•

3 years ago

Severity: normal → S3

You need to log in before you can comment on or make changes to this bug.

Bugzilla

failure to parse quoted-string parameters in "data:" URIs

Categories

(Core :: Networking, defect, P5)

Tracking

()

People

(Reporter: julian.reschke, Unassigned)

References

(
URL
)

Details

(Whiteboard: [necko-would-take])

Crash Data

Security

(public)

User Story

Description

Comment 1

Comment 2

Updated

Comment 3

Updated