Bug 3861 - & and & in link do not get converted to &
Summary: & and & in link do not get converted to &
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs (show other bugs)
Version: 412
Hardware: Mac OS X 10.4
: P2 Major
Assignee: Nobody
URL: http://bug.mathaddicts.org/
Keywords:
: 11655 (view as bug list)
Depends on:
Blocks:
 
Reported: 2005-07-05 04:28 PDT by Travis Goodspeed
Modified: 2007-07-12 21:26 PDT (History)
3 users (show)

See Also:


Attachments
testcase application/xhtml+xml (241 bytes, application/xhtml+xml)
2005-07-05 04:41 PDT, Joost de Valk (AlthA)
no flags Details
testcase application xhtml+xml (390 bytes, application/xhtml+xml)
2005-07-05 04:46 PDT, Joost de Valk (AlthA)
no flags Details
testcase text/html (390 bytes, text/html)
2005-07-05 04:51 PDT, Joost de Valk (AlthA)
no flags Details
testcase text/xml (390 bytes, text/xml)
2005-07-05 04:52 PDT, Joost de Valk (AlthA)
no flags Details
testcase application/xhtml+xml (427 bytes, application/xhtml+xml)
2005-07-05 04:56 PDT, Joost de Valk (AlthA)
no flags Details
Instruct libXML to parse entities (744 bytes, patch)
2005-09-23 03:54 PDT, Niels Leenheer (HTML5test)
eric: review-
Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Travis Goodspeed 2005-07-05 04:28:38 PDT
When the server sets the Content-type to text/xml and a link is clicked where the href contains a 
properly-escaped ampersand, the page loaded uses the numerical escape code for an ampersand instead 
of an ampersand.

This causes some serious issues with server-generated websites as links that set more than one variable 
are mutilated.
Comment 1 Joost de Valk (AlthA) 2005-07-05 04:41:53 PDT
Created attachment 2806 [details]
testcase application/xhtml+xml
Comment 2 Joost de Valk (AlthA) 2005-07-05 04:46:28 PDT
Created attachment 2807 [details]
testcase application xhtml+xml
Comment 3 Joost de Valk (AlthA) 2005-07-05 04:51:11 PDT
Created attachment 2808 [details]
testcase text/html

common text/html testcase
Comment 4 Joost de Valk (AlthA) 2005-07-05 04:52:34 PDT
Created attachment 2809 [details]
testcase text/xml
Comment 5 Joost de Valk (AlthA) 2005-07-05 04:55:09 PDT
testcases don't work yet, the url shows a testcase that does... it IS a bug tho :)
Comment 6 Joost de Valk (AlthA) 2005-07-05 04:56:35 PDT
Created attachment 2811 [details]
testcase application/xhtml+xml
Comment 7 Joost de Valk (AlthA) 2005-07-05 05:01:06 PDT
testcases work now. It seems that webkit just doesn't change & into & but it DOES change & into 
&. Renaming bug.
Comment 8 Niels Leenheer (HTML5test) 2005-09-23 03:54:10 PDT
Created attachment 4014 [details]
Instruct libXML to parse entities

The problem originated in the switch to libXML as the standard XML parser.
LibXML will not parse entities by default and must be explicitly instructed to
do so. The previous Qt parser works the other way around. This patch will turn
on entity parsing for libXML.
Comment 9 Darin Adler 2005-09-23 08:40:15 PDT
Comment on attachment 4014 [details]
Instruct libXML to parse entities

Looks good to me. I believe Eric Seidel is already working on this.
Comment 10 Eric Seidel (no email) 2005-09-23 09:29:46 PDT
Comment on attachment 4014 [details]
Instruct libXML to parse entities

This patch AFAIK won't actually do anything.  Intructing it is only really half
the battle.  If you look at my patch:
http://bugzilla.opendarwin.org/attachment.cgi?id=3953 you'll see the rest of
the improvements I needed to make for Entity support.
Comment 11 Niels Leenheer (HTML5test) 2005-09-23 09:49:50 PDT
Eric: This patch does do something. It enables libxml's build-in entity support.
This build-in support is limited to numeric entities and the standard named
entities defined in XML (quot, amp, lt, gt), which is exactly what this bug is
about. 

It looks like your patch will do the same and additionally add support for other
named entities (bug 4301), so my patch not needed anymore.
Comment 12 Eric Seidel (no email) 2005-10-16 21:36:51 PDT
This seems fixed.

*** This bug has been marked as a duplicate of 4301 ***
Comment 13 Eric Seidel (no email) 2005-10-16 21:37:42 PDT
Actually, this one is fixed, but independent of bug 4301.
Comment 14 Alexey Proskuryakov 2006-11-21 13:04:06 PST
*** Bug 11655 has been marked as a duplicate of this bug. ***
Comment 15 J Ross Nicoll 2006-11-24 04:38:16 PST
As I'm still seeing this bug in version 419.3, I'm wondering when we'll see a fixed version? Okay, what I really mean is, was the patch never committed into the source, or has this been broken again since fixing?
Comment 16 Alexey Proskuryakov 2006-11-24 09:58:02 PST
I've just tested, and it works correctly in the latest nightly build: <http://nightly.webkit.org>.

Vendors (such as Apple, Omni or Adobe) do not provide information about their release plans, and if you need this particular bugfix to be released ASAP, you'd have to contact each of them directly, unfortunately.
Comment 17 Bryce Nesbitt 2007-06-22 23:16:05 PDT
I still see this in Safari 2.0.4 (419.3).  AFIK, it is impossible to send more than one parameter back to the server in a xml document, such as XHTML MP (Mobile Profile), if it's served as xml:

test.xhtml

<?xml version="2.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//WAPFORUM//DTD XHTML Mobile 1.0//EN" "http://www.wapforum.org/DTD/xhtml-mobile10.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
  <head><title>City CarShare - Neigborhood Vehicles</title></head>
<body>
<h2><img src="logo.png" alt="" />City CarShare</h2>
<p>
City CarShare is a Bay Area nonprofit on a mission to provide convenient, affordable access to cars so that we can reduce individual car ownership...
<a href="http://www.citycarshare.org/">www.citycarshare.org</a><br/>
<a href="http://www.citycarshare.org/test.xhtml?foo=1234&amp;fum=4567">test1</a><br/>
<a href="http://www.citycarshare.org/test.xhtml?foo=1234&#38;fum=4567">test2</a><br/>
</p>
</body>
</html>

The above XML escapes the amperstand, as it must to do validate.  Safari converts the &amp; to the &#38; entity.  The &#38; entity is left untouched.  Thus both URL's are damaged at the time the server gets them.  Is there a trick to get past this?
Comment 18 Gheorghe Flavian 2007-07-11 03:10:03 PDT
It' s not fixed!
I have a similar problem with a download link that uses javascript . This website uses javascript to send a php file the name of the file and another parameter: <a onclick= return dld(php_file?param1=%2F&amp;file='name')></a>
This link works in all other browser tested: Opera, Firefox, Internet Explorer. Problem appears both on the Mac and Windows version of Safari (3.0.2 the Windows version).
Comment 19 Alexey Proskuryakov 2007-07-11 05:35:57 PDT
Ugh, reopening. There was no fix in this bug, and apparently no regression case, sadly.

Broke between r18068 and r23922, I think we should find out when this happened (in case it was a test-less fix for some other bug).
Comment 20 Alexey Proskuryakov 2007-07-12 00:51:51 PDT
Hmm, I'm almost sure that I could reproduce this yesterday, but now I can not (of course, this still happens with shipping 10.4 Safari/WebKit, but that's not the point).

Help with testing needed.

> <a onclick= return dld(php_file?param1=%2F&amp;file='name')></a>

Gheorghe, this bug was only about XHTML, and your snippet is plain HTML. Please file a new bug for this issue.
Comment 21 Bryce Nesbitt 2007-07-12 21:18:30 PDT
It works for me with the current webkit, and the http://www.citycarshare.org/ example posted above.
Comment 22 Alexey Proskuryakov 2007-07-12 21:26:00 PDT
OK, so I guess it was my testing mistake. Sorry for the noise.