Re: [whatwg/url] Percent encode NULLs in fragments (#440)

> AppProtocols tend to be the easiest routes out of the browser sandbox, and the native-code full-trust applications parsing the URLs handed to them do so with varying levels of paranoia.

I'm pretty sure that Chrome, at least, hands everything in the URL to the app (the "non-special" case in the table above). If apps are vulnerable to some aspect of parsing nulls, they're already in trouble. This wouldn't add much trouble, I think.

> (I'm not sure about gopher though… who still uses that, and if so how?)

https://github.com/whatwg/url/issues/342 :)

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/url/issues/440#issuecomment-496396190

Received on Tuesday, 28 May 2019 07:21:50 UTC