Open
Bug 906417
Opened 11 years ago
Updated 3 years ago
Firefox does not check illegal URIs in drag-and-drop getData().
Categories
(Core :: DOM: Copy & Paste and Drag & Drop, defect, P5)
Tracking
()
UNCONFIRMED
People
(Reporter: evolution.jimmy, Unassigned)
Details
Attachments
(1 file)
3.19 KB,
text/html
|
Details |
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:26.0) Gecko/20100101 Firefox/26.0 (Beta/Release) Build ID: 20130817030228 Steps to reproduce: In `dragstart` event handler, run setData('url', 'illegal url'); or setData('url, 'ht@tp://example.com') or setData('url', 'http://example.com/aa bb') or setData('url', 'urn:urn:bar123456') and then run getData('url') in `dragstart` handler or `drop` handler. Actual results: Corresponding to four cases above, getData('url') returns: 'illegal url' 'ht@tp://example.com' 'http://example.com/aa bb' 'urn:urn:bar123456' Expected results: It should return: '' because URL syntax is <scheme>:<scheme-specific-part> '' because <scheme> can only contain a-z, `+`, or `-` 'http://example.com/aa%20bb' because characters after `http://`should be encoded '' because in URN syntax "urn:" <NID> ":" <NSS>, <NID> cannot use `urn` to avoid confusion, described in RFC2141 Section 2.1
Reporter | ||
Comment 1•11 years ago
|
||
Also: setData('url', 'urn:foo:ba%r123456') should get 'urn:foo:ba%25r123456' according to RFC2141 Section 2.3.1
Attachment #791807 -
Attachment mime type: text/plain → text/html
Comment 2•3 years ago
|
||
Bulk-downgrade of unassigned, >=3 years untouched DOM/Storage bug's priority.
If you have reason to believe this is wrong, please write a comment and ni :jstutte.
Severity: normal → S4
Priority: -- → P5
You need to log in
before you can comment on or make changes to this bug.
Description
•