- From: <bugzilla@wiggum.w3.org>
- Date: Tue, 15 Jun 2004 22:52:49 +0000
- To: www-validator-cvs@w3.org
http://www.w3.org/Bugs/Public/show_bug.cgi?id=799
Summary: HTML, URI escaping issues
Product: CSSValidator
Version: CSS Validator
Platform: Other
OS/Version: other
Status: NEW
Severity: major
Priority: P1
Component: Other
AssignedTo: ot@w3.org
ReportedBy: ville.skytta@iki.fi
QAContact: www-validator-cvs@w3.org
There are both HTML and URI escaping issues on the results page, and seemingly
"inside" the CSS validator too.
Missing HTML escaping, some variants:
http://jigsaw.w3.org/css-validator/validator?uri=http%3A%2F%2Fjigsaw.w3.org%2F%3Ffoo%3D%3Cscript%3Ealert%28%22hello+world%22%29%3C%2Fscript%3E&usermedium=all
http://jigsaw.w3.org/css-validator/validator?uri=%3Cscript%3Ealert%28%27hello+world%27%29%3C%2Fscript%3E&usermedium=all
Missing HTML escaping, and malformed request URI also possibly sent on the wire:
http://jigsaw.w3.org/css-validator/validator?uri=http%3A%2F%2Fwww.w3.org%2F%3Ffoo%3D%3Cscript%3Ealert%28%27hello+world%27%29%3C%2Fscript%3E&usermedium=all
Missing URI escaping:
http://jigsaw.w3.org/css-validator/validator?uri=http%3A%2F%2Fjigsaw.w3.org%2F%3Ffoo%3Dbar%26quux%3Dbaz&usermedium=all
(See the "If you would like to create a link to this page ... the URI is:" part)
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
Received on Tuesday, 15 June 2004 18:52:50 UTC