Re: [whatwg/fetch] Prevent requests to URLs containing raw `\n` and `<`. (#546) from Taylor Hunt on 2017-05-22 (public-webapps-github@w3.org from May 2017)

From: Taylor Hunt <notifications@github.com>
Date: Mon, 22 May 2017 10:31:10 -0700
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/issues/546/303167500@github.com>

There are many tutorials with inline SVG `data:` URIs that don't bother URL-encoding them, like [this one from CSS-Tricks](https://css-tricks.com/probably-dont-base64-svg/):

> You can leave the encoding in UTF-8, and drop the <svg> syntax right in there! Like this:
> 
> ```html
> <img src='data:image/svg+xml;utf8,<svg ... > ... </svg>'>
> ```

(Also, yes, the character encoding declaration is malformed.)

This may not be a huge issue because Firefox and IE never supported unencoded `<` in `data:` URIs, but I figured it was worth bringing up.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/546#issuecomment-303167500

Received on Monday, 22 May 2017 17:31:45 UTC