W3C home > Mailing lists > Public > whatwg@whatwg.org > October 2006

[whatwg] IRIs and javascript: scheme

From: Bjoern Hoehrmann <derhoermi@gmx.net>
Date: Wed, 18 Oct 2006 16:42:46 +0200
Message-ID: <u4fcj2dbdi37eo169nhc4orak8v5eeque8@hive.bjoern.hoehrmann.de>
* Christian Schmidt wrote:
>AFAICS "javascript:alert(123)" is not a valid IRI according to RFC 3987 
>(it should be "javascript:alert%28123%29" instead) and is thus not 
>allowed in an <input type="url"> field.

You are mistaken.

>This is somewhat surprising to me, and I think it will confuse users
>that they now have to manually escape their javascript: URLs when
>entering them in url input fields.

There is a note in the draft to the effect that user agents are free to
allow users enter something non-compliant so long as they fix it up be-
fore processing continues.
-- 
Bj?rn H?hrmann ? mailto:bjoern at hoehrmann.de ? http://bjoern.hoehrmann.de
Weinh. Str. 22 ? Telefon: +49(0)621/4309674 ? http://www.bjoernsworld.de
68309 Mannheim ? PGP Pub. KeyID: 0xA4357E78 ? http://www.websitedev.de/ 
Received on Wednesday, 18 October 2006 07:42:46 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:58:48 UTC