21978 – KURL should not allow "%00" in paths

RESOLVED WONTFIX 21978

KURL should not allow "%00" in paths

https://bugs.webkit.org/show_bug.cgi?id=21978

Summary KURL should not allow "%00" in paths

Brett Wilson (Google)

Reported 2008-10-30 11:34:26 PDT

IE prevents URLs with paths containing "%00" from being loaded or interpreted in any way. I assume this is to prevent possible bad things from happening at the OS layer or from poorly written servers. Firefox supports it, but you can not give much argument for supporting it if IE doesn't. In WebKit, this bug is much worse because of bug 21975. I think the unescaping should be prohibited along with not allowing %00 in path names in the first place.

Attachments
Add attachment proposed patch, testcase, etc.

Anne van Kesteren

Comment 1 2023-05-22 03:46:57 PDT

Forbidding %00 would go against the standard.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution WONTFIX

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware All

OS All

Product WebKit

Component Platform

Assignee

Nobody

Reported

2008-10-30 11:34 PDT

Modified

2023-05-22 03:46 PDT History

CC List

3 users Show

URL

Keywords

Depends on

Blocks

37641

Dependencies

tree graph