- From: Christian Schmidt <whatwg.org@chsc.dk>
- Date: Wed, 18 Oct 2006 16:33:25 +0200
Most modern browsers support the following: <a href="javascript:alert(123)">foo</a> AFAICS "javascript:alert(123)" is not a valid IRI according to RFC 3987 (it should be "javascript:alert%28123%29" instead) and is thus not allowed in an <input type="url"> field. This is somewhat surprising to me, and I think it will confuse users that they now have to manually escape their javascript: URLs when entering them in url input fields. Would it cause any problems to somehow allow the unescaped form in url input fields? Or is that a dangerous road to go down? Christian
Received on Wednesday, 18 October 2006 07:33:25 UTC