Bug 21978
Summary: | KURL should not allow "%00" in paths | ||
---|---|---|---|
Product: | WebKit | Reporter: | Brett Wilson (Google) <brettw> |
Component: | Platform | Assignee: | Nobody <webkit-unassigned> |
Status: | RESOLVED WONTFIX | ||
Severity: | Normal | CC: | abarth, annevk, ap |
Priority: | P2 | ||
Version: | 528+ (Nightly build) | ||
Hardware: | All | ||
OS: | All | ||
Bug Depends on: | |||
Bug Blocks: | 37641 |
Brett Wilson (Google)
IE prevents URLs with paths containing "%00" from being loaded or interpreted in any way. I assume this is to prevent possible bad things from happening at the OS layer or from poorly written servers.
Firefox supports it, but you can not give much argument for supporting it if IE doesn't. In WebKit, this bug is much worse because of bug 21975. I think the unescaping should be prohibited along with not allowing %00 in path names in the first place.
Attachments | ||
---|---|---|
Add attachment proposed patch, testcase, etc. |
Anne van Kesteren
Forbidding %00 would go against the standard.