Re: parsing URI (references) according to RFC 3986

On 6/20/11 1:32 AM, Chris Weber wrote:
> On 6/19/2011 8:56 PM, Boris Zbarsky wrote:

> I can validate what you're saying in the DOMs parsing. It looks like
> other browsers do the same, with the exception of Opera which
> percent-encodes the "\" as %5C. Here are my results for
> "file://c:/0111\foo"
...
>> P.S. In Gecko's case, also on Windows and OS2, for urls that parse like
>> "file" (ones where we don't expect an authority section), there's some
>> sort of magic to detect that things like "file://c:/foo" or
>> "file://c|/foo" is actually to be parsed as something with host = "" and
>> file path "/c|/foo" as opposed to something with host "c:" or "c|". I
>> have no idea whether other UAs do something similar...
>
> It seems a little scary if I understand what you're saying correctly.

Why scary (other than the need to figure out whether this is needed for 
compat and if so specify it)?  Are there security issues here that you see?

Note that this behavior seems somewhat interoperable in the 5 browsers 
you tested, and that the first test you ran (where you were testing the 
\ behavior) actually depended on it....

> More scary perhaps is that when I test "file://c|/0110/foo" I see in the
> DOM parsing that IE and Chrome both convert the "|" to the ":".

Again, why is this scary, apart from the magic-ness of it all?

-Boris

Received on Monday, 20 June 2011 05:54:39 UTC
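
An added example, not part of the original message and not any browser's code: it contrasts the RFC 3986 Appendix B split with a hypothetical model of the drive-letter handling described in the thread, so the two readings of the same file URL can be compared. The function names, the `pipeToColon` option and the `example.org` sample are assumptions made for illustration.

```javascript
// RFC 3986 Appendix B regex: splits a URI reference into its components.
const RFC3986 = /^(([^:\/?#]+):)?(\/\/([^\/?#]*))?([^?#]*)(\?([^#]*))?(#(.*))?/;

// Strict split: whatever follows "//" up to the next "/", "?" or "#" is the authority.
function parseStrict(uri) {
  const m = RFC3986.exec(uri);
  return { scheme: m[2] ?? null, authority: m[4] ?? null, path: m[5] };
}

// Hypothetical model of the quirk described in the thread: for "file" URLs, an
// authority that looks like a drive letter ("c:" or "c|") is moved into the path
// and the host becomes "". pipeToColon models the "|" -> ":" rewrite that the
// thread reports for IE and Chrome.
function parseFileQuirk(uri, { pipeToColon = false } = {}) {
  const strict = parseStrict(uri);
  const isFile = (strict.scheme ?? "").toLowerCase() === "file";
  if (!isFile || !/^[A-Za-z][:|]$/.test(strict.authority ?? "")) return strict;
  const drive = pipeToColon ? strict.authority.replace("|", ":") : strict.authority;
  return { scheme: strict.scheme, authority: "", path: "/" + drive + strict.path };
}

// True when the two parsers disagree about host or path. A check that reads the
// host from one parser while the fetch uses the other is judging a different URL.
function parsersDisagree(uri, opts) {
  const a = parseStrict(uri);
  const b = parseFileQuirk(uri, opts);
  return a.authority !== b.authority || a.path !== b.path;
}

// Sample inputs: the first three shapes appear in the thread, the last is constructed.
const samples = ["file://c:/foo", "file://c|/0110/foo", "file://c:/0111\\foo", "file://example.org/foo"];
for (const s of samples) {
  console.log(s, parseStrict(s), parseFileQuirk(s, { pipeToColon: true }), parsersDisagree(s));
}
```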