[whatwg/url] Escape mailto: pathnames? (#602)

Currently per spec, mailto: paths are treated the same way as other "opaque" URLs. That is, weird characters in the "path" part of a mailto URL are kept verbatim. However, Chromium's implementation experience in their [bug 711020](https://crbug.com/711020) was that this could expose the surrounding operating system and other apps to arbitrary characters, and they opted instead to percent-encode some characters. The specific encoding set is described in [url/url\_canon\_mailtourl.cc](https://source.chromium.org/chromium/chromium/src/+/main:url/url_canon_mailtourl.cc;l=16-31;drc=5aad5c26f615f67c3577c03cb54254867cdf9730), and is equivalent to

* [fragment percent-encode set](https://url.spec.whatwg.org/#fragment-percent-encode-set) plus U+007B ({), U+007C (|), and U+007D (}), or
* [path percent-encode set](https://url.spec.whatwg.org/#path-percent-encode-set) minus U+0023 (#) and U+003F (?), plus U+007C (|).

Though introducing new scheme-specific logic is generally frowned upon, I wonder if other implementors may have the appetite for introducing something similar in the spec. On the Chromium side, it would understandably be quite difficult to revert this behavior (a security patch) just for interop.

-- 
https://github.com/whatwg/url/issues/602

Received on Sunday, 16 May 2021 05:14:09 UTC
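
The two formulations of the encode set listed in the message, checked against each other and applied to a mailto: path. This is an added example, not code from Chromium or from the URL Standard; the percent-encode sets are written out as the standard defined them when the issue was filed (May 2021), and `sameSet` and `encodeMailtoPath` are hypothetical helper names.

```javascript
// Added sketch: not Chromium's canonicalizer and not spec text.
// Assumption: percent-encode sets as defined in the URL Standard in May 2021.
const cps = (s) => [...s].map((c) => c.codePointAt(0));

// C0 control percent-encode set, ASCII part: U+0000-U+001F and U+007F.
// Every code point above U+007E is also in the set (see encodeMailtoPath).
const c0 = new Set([...Array(0x20).keys(), 0x7f]);
const fragmentSet = new Set([...c0, ...cps(' "<>`')]);
const querySet = new Set([...c0, ...cps(' "#<>')]);
const pathSet = new Set([...querySet, ...cps('?`{}')]);

// Formulation 1: fragment percent-encode set plus { | }
const mailtoA = new Set([...fragmentSet, ...cps('{|}')]);
// Formulation 2: path percent-encode set minus # and ?, plus |
const mailtoB = new Set([...pathSet].filter((c) => c !== 0x23 && c !== 0x3f));
mailtoB.add(0x7c);

function sameSet(a, b) {
  return a.size === b.size && [...a].every((x) => b.has(x));
}

// Percent-encode an opaque mailto: path with the set above. Working on
// UTF-8 bytes is equivalent here because all non-ASCII code points are
// in the set. An existing "%" is left alone, as in the standard's encoder.
function encodeMailtoPath(path) {
  let out = '';
  for (const b of new TextEncoder().encode(path)) {
    out += (b > 0x7e || mailtoA.has(b))
      ? '%' + b.toString(16).toUpperCase().padStart(2, '0')
      : String.fromCharCode(b);
  }
  return out;
}

// Constructed sample paths (not taken from the Chromium bug).
for (const p of ['user@example.com', 'a b|c{d}@example.com', '"x"<y>`z`']) {
  console.log(JSON.stringify(p), '->', encodeMailtoPath(p));
}
console.log('formulations equal:', sameSet(mailtoA, mailtoB));
```

Characters such as `?` and `#` pass through unchanged because neither formulation includes them; only the listed set is escaped.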