Field | Value | Field | Value |
---|---|---|---|
Summary: | java\0script: treated as javascript: | | |
Product: | WebKit | Reporter: | Darin Fisher (:fishd, Google) <fishd> |
Component: | WebCore Misc. | Assignee: | Nobody <webkit-unassigned> |
Status: | RESOLVED INVALID | | |
Severity: | Normal | CC: | ap |
Priority: | P2 | | |
Version: | 528+ (Nightly build) | | |
Hardware: | PC | | |
OS: | OS X 10.5 | | |

Description
Darin Fisher (:fishd, Google)
2008-04-24 16:24:55 PDT
I can only see tests verifying that java\0script: URLs are _not_ executed. Where do we treat java\0script: as javascript:?

Hmm... the http/tests/javascriptURL directory does not seem to exist anymore. From my testing, it looks like this bug is not valid. One thing I noticed is that Safari will try to load "java" as the URL, whereas other browsers will just outright fail when given java\0script:foo. I guess they are being overly cautious due to the presence of the null byte.

(In reply to comment #2)
> Hmm... the http/tests/javascriptURL directory does not seem to exist anymore.

It's actually in http/tests/security/javascriptURL.