18723 – java\0script: treated as javascript:

Bug 18723 - java\0script: treated as javascript:

Summary: java\0script: treated as javascript:

Status:	RESOLVED INVALID

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebCore Misc. (show other bugs)
Version:	528+ (Nightly build)
Hardware:	PC OS X 10.5

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:

Depends on:
Blocks:

Reported:	2008-04-24 16:24 PDT by Darin Fisher (:fishd, Google)
Modified:	2009-04-09 05:23 PDT (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Darin Fisher (:fishd, Google) 2008-04-24 16:24:55 PDT

java\0script: treated as javascript:

firefox and ie do not do this, and it seems risky to do so.

it looks like there are a variety of layout tests under http/tests/javascriptURL that expect these two URL schemes to be the same.

Comment 1 Alexey Proskuryakov 2009-04-08 22:51:39 PDT

I can only see tests verifying that java\0script: URLs are _not_ executed. Where do we treat java\0script: as javascript:?

Comment 2 Darin Fisher (:fishd, Google) 2009-04-09 01:44:07 PDT

Hmm... the http/tests/javascriptURL directory does not seem to exist anymore.

From my testing, it looks like this bug is not valid.  One thing I noticed is that Safari will try to load "java" as the URL, whereas other browsers will just out-right fail when given java\0script:foo.  I guess they are being overly cautious due to the presence of the null byte.

Comment 3 Alexey Proskuryakov 2009-04-09 05:23:31 PDT

(In reply to comment #2)
> Hmm... the http/tests/javascriptURL directory does not seem to exist anymore.

It's actually in http/tests/security/javascriptURL.