- From: Bjoern Hoehrmann <derhoermi@gmx.net>
- Date: Wed, 18 Oct 2006 16:42:46 +0200
* Christian Schmidt wrote:
>AFAICS "javascript:alert(123)" is not a valid IRI according to RFC 3987
>(it should be "javascript:alert%28123%29" instead) and is thus not
>allowed in an <input type="url"> field.

You are mistaken.

>This is somewhat surprising to me, and I think it will confuse users
>that they now have to manually escape their javascript: URLs when
>entering them in url input fields.

There is a note in the draft to the effect that user agents are free to
allow users to enter something non-compliant so long as they fix it up
before processing continues.
-- 
Björn Höhrmann · mailto:bjoern at hoehrmann.de · http://bjoern.hoehrmann.de
Weinh. Str. 22 · Telefon: +49(0)621/4309674 · http://www.bjoernsworld.de
68309 Mannheim · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
Received on Wednesday, 18 October 2006 07:42:46 UTC