21978 – KURL should not allow "%00" in paths

Bug 21978 - KURL should not allow "%00" in paths

Summary: KURL should not allow "%00" in paths

Status:	RESOLVED WONTFIX

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	Platform (show other bugs)
Version:	528+ (Nightly build)
Hardware:	All All

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:

Depends on:
Blocks:	37641
	Show dependency tree / graph

Reported:	2008-10-30 11:34 PDT by Brett Wilson (Google)
Modified:	2023-05-22 03:46 PDT (History)
CC List:	3 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Brett Wilson (Google) 2008-10-30 11:34:26 PDT

IE prevents URLs with paths containing "%00" from being loaded or interpreted in any way. I assume this is to prevent possible bad things from happening at the OS layer or from poorly written servers.

Firefox supports it, but you can not give much argument for supporting it if IE doesn't. In WebKit, this bug is much worse because of bug 21975. I think the unescaping should be prohibited along with not allowing %00 in path names in the first place.

Comment 1 Anne van Kesteren 2023-05-22 03:46:57 PDT

Forbidding %00 would go against the standard.