Re: requesting feedback regarding HTML5 and RFC 3987

On 6/19/11 5:47 PM, Adam Barth wrote:
> Does that mean if a new document arises from evaluating the JavaScript
> URL that you'll scroll the page to the indicated fragment?

Yes, but Firefox 4 and earlier does that too, because the "scroll to 
fragment" code doesn't actually use the results of parsing the URI (long 
story that I'm happy to fill people in on if desired) and instead 
serializes it to a string and then just grabs everything after the first 
'#'.

Testcase:

<iframe src="javascript:'<html><div style=&quot;height: 
1000px&quot;></div><div 
id=&quot;test\'&quot;>test</div></html>#test'"></iframe>

> In the resulting document, will location.hash contain the part after the # ?

Yes (this will be a behavior change from Firefox 4).  Testcase:

<iframe 
src="javascript:'<html><script>alert(location.hash);</script></html>#test'"></iframe>

> What will assigning to location.hash do (e.g., re-evaluating the
> JavaScript URL or just scroll the page)?

Just scroll the page.  This will be a behavior change from Firefox 4, 
where I believe the set was ignored entirely.  Testcase:

<iframe src="javascript:alert('running'); '<html><div 
style=&quot;height: 1000px&quot;></div><div 
id=&quot;test&quot;>test</div><script>location.hash=&quot;test&quot;</script></html>'"></iframe>

Note that those first two behaviors are arguably a violation of the 
current HTML5 drafts, because the URI of a javascript:-generated 
document is not supposed to be a javascript: URI per those drafts.  So 
you're right that the change Gecko is making is black-box detectable 
using location.hash for the moment, but once we implenent the HTML5 spec 
on this (assuming it doesn't change) it may not be....

-Boris

Received on Monday, 20 June 2011 03:11:15 UTC