Bug 11774

Summary:	Percent-encoding of / doesn't work before/after host
Product:	WebKit	Reporter:	Nicholas Shanks <nickshanks>
Component:	New Bugs	Assignee:	Nobody <webkit-unassigned>
Status:	RESOLVED WORKSFORME
Severity:	Normal	CC:	bfulgham, ddkilzer
Priority:	P2
Version:	419.x
Hardware:	Mac
OS:	OS X 10.4
URL:	http:%2F%2F%77%65%62%2E%6E%69%63%6B%73%68%61%6E%6B%73%2E%63%6F%6D%2F%62%6F%6F%6F%6B%73%2F%67%65%74%74%69%6E%67%2D%67%6F%6C%64

Nicholas Shanks

Reported 2006-12-07 04:42:54 PST

%-encoding of the slashes in a URL doesn't always work. WebKit seems to presume the first two should always be added, and fails if the slash following the domain is encoded. e.g. the following four URLs are equivalent: http:%2F%2F%77%65%62%2E%6E%69%63%6B%73%68%61%6E%6B%73%2E%63%6F%6D%2F%62%6F%6F%6F%6B%73%2F%67%65%74%74%69%6E%67%2D%67%6F%6C%64 http://%77%65%62%2E%6E%69%63%6B%73%68%61%6E%6B%73%2E%63%6F%6D%2F%62%6F%6F%6F%6B%73%2F%67%65%74%74%69%6E%67%2D%67%6F%6C%64 http://%77%65%62%2E%6E%69%63%6B%73%68%61%6E%6B%73%2E%63%6F%6D/%62%6F%6F%6F%6B%73%2F%67%65%74%74%69%6E%67%2D%67%6F%6C%64 http://web.nickshanks.com/books/getting-gold but only the latter two work. I can't tell if the encoded one causes a cache miss or not. Someone might want to check that it doesn't.

Attachments
Add attachment proposed patch, testcase, etc.

David Kilzer (:ddkilzer)

Comment 1 2006-12-07 07:50:28 PST

Do any RFCs have anything to say about how much of the URL may be encoded? At least the current behavior would prevent people from clicking on spam links, or have the spammers moved on from this trick?

David Kilzer (:ddkilzer)

Comment 2 2006-12-07 13:33:06 PST

What do other modern browsers do with these URLs, like Firefox 1.5/2.0, MSIE 6.0 and Opera 9?

Nicholas Shanks

Comment 3 2006-12-07 14:57:43 PST

Oops, i encoded "books" with three "o"s :-) You'll get a 404 if you try it

Nicholas Shanks

Comment 4 2006-12-07 15:11:07 PST

In firefox 2.0 the second URL gets a trailing / appended to it, the top one doesn't work, the third and fourth are fineIn firefox 2.0 the second URL gets a trailing / appended to it, the top one doesn't work, the third and fourth are fine

Brent Fulgham

Comment 5 2022-07-06 15:45:07 PDT

No browsers handle the first URL as navigable: http:%2F%2F%77%65%62%2E%6E%69%63%6B%73%68%61%6E%6B%73%2E%63%6F%6D%2F%62%6F%6F%6F%6B%73%2F%67%65%74%74%69%6E%67%2D%67%6F%6C%64 Ditto the second: http://%77%65%62%2E%6E%69%63%6B%73%68%61%6E%6B%73%2E%63%6F%6D%2F%62%6F%6F%6F%6B%73%2F%67%65%74%74%69%6E%67%2D%67%6F%6C%64 All three browsers attempt to navigate to the third and fourth options. I don't see a compatibility issue here.

Note You need to log in before you can comment on or make changes to this bug.