RESOLVED WORKSFORME11774
Percent-encoding of / doesn't work before/after host 
https://bugs.webkit.org/show_bug.cgi?id=11774
Summary Percent-encoding of / doesn't work before/after host
Nicholas Shanks
Reported 2006-12-07 04:42:54 PST
%-encoding of the slashes in a URL doesn't always work. WebKit seems to presume the first two should always be added, and fails if the slash following the domain is encoded. e.g. the following four URLs are equivalent: http:%2F%2F%77%65%62%2E%6E%69%63%6B%73%68%61%6E%6B%73%2E%63%6F%6D%2F%62%6F%6F%6F%6B%73%2F%67%65%74%74%69%6E%67%2D%67%6F%6C%64 http://%77%65%62%2E%6E%69%63%6B%73%68%61%6E%6B%73%2E%63%6F%6D%2F%62%6F%6F%6F%6B%73%2F%67%65%74%74%69%6E%67%2D%67%6F%6C%64 http://%77%65%62%2E%6E%69%63%6B%73%68%61%6E%6B%73%2E%63%6F%6D/%62%6F%6F%6F%6B%73%2F%67%65%74%74%69%6E%67%2D%67%6F%6C%64 http://web.nickshanks.com/books/getting-gold but only the latter two work. I can't tell if the encoded one causes a cache miss or not. Someone might want to check that it doesn't.
Attachments
Add attachment proposed patch, testcase, etc.
David Kilzer (:ddkilzer)
Comment 1 2006-12-07 07:50:28 PST
Do any RFCs have anything to say about how much of the URL may be encoded? At least the current behavior would prevent people from clicking on spam links, or have the spammers moved on from this trick?
David Kilzer (:ddkilzer)
Comment 2 2006-12-07 13:33:06 PST
What do other modern browsers do with these URLs, like Firefox 1.5/2.0, MSIE 6.0 and Opera 9?
Nicholas Shanks
Comment 3 2006-12-07 14:57:43 PST
Oops, i encoded "books" with three "o"s :-) You'll get a 404 if you try it
Nicholas Shanks
Comment 4 2006-12-07 15:11:07 PST
In firefox 2.0 the second URL gets a trailing / appended to it, the top one doesn't work, the third and fourth are fineIn firefox 2.0 the second URL gets a trailing / appended to it, the top one doesn't work, the third and fourth are fine
Brent Fulgham
Comment 5 2022-07-06 15:45:07 PDT
No browsers handle the first URL as navigable: http:%2F%2F%77%65%62%2E%6E%69%63%6B%73%68%61%6E%6B%73%2E%63%6F%6D%2F%62%6F%6F%6F%6B%73%2F%67%65%74%74%69%6E%67%2D%67%6F%6C%64 Ditto the second: http://%77%65%62%2E%6E%69%63%6B%73%68%61%6E%6B%73%2E%63%6F%6D%2F%62%6F%6F%6F%6B%73%2F%67%65%74%74%69%6E%67%2D%67%6F%6C%64 All three browsers attempt to navigate to the third and fourth options. I don't see a compatibility issue here.
Note You need to log in before you can comment on or make changes to this bug.