Open Bug 746550 Opened 10 years ago Updated 5 years ago

failure to parse quoted-string parameters in "data:" URIs

Categories

(Core :: Networking, defect, P5)

defect

Tracking

()

People

(Reporter: julian.reschke, Unassigned)

References

()

Details

(Whiteboard: [necko-would-take])

Example:

  data:image/svg+xml;foo=%22bar,bar%22,....

This is a data URI with a media type of

  image/svg+xml;foo="bar,bar"

Note the comma is part of the parameter "foo", not the delimiter for the payload.

Test case at:

  <http://greenbytes.de/tech/tc/datauri/#ext-simple-qs>
The problem is caused by nsDataHandler::ParseURI not actually parsing the URI, but trying to separate media type, base64 flag and payload by simple character lookups.
AFAIU the combination of the data URI RFC <http://tools.ietf.org/html/rfc2397> and the generic URI RFC referenced from there <http://tools.ietf.org/html/rfc2396>, the "," inside the parameter would need to be escaped as well:

  data:image/svg+xml;foo=%22bar%2Cbar%22,....
Whiteboard: [necko-would-take]
Bulk change to priority: https://bugzilla.mozilla.org/show_bug.cgi?id=1399258
Priority: -- → P5
You need to log in before you can comment on or make changes to this bug.