- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Fri, 28 Sep 2012 11:45:33 -0400
- To: whatwg@lists.whatwg.org
On 9/28/12 11:34 AM, Boris Zbarsky wrote: > I'm not sure why it never hits the alert. A similar testcase not inside > the live dom viewer works just fine. Oh, I see why it's different. In the case I was testing (just loading a file from file://), the javascript: URI is created from the string 'javascript:alert("%E2%84")' with charset set to ISO-8859-1. When the URI parser is done with that, it has converted it to an internal representation that looks like 'javascript:alert("%C3%A2%E2%80%9E")' and then when you unescape and convert from UTF-8 you get those original two ISO-8859-1 chars. But on the live dom viewer, the URI is being created from the same string, but with charset set to UTF-8. When the URI parser is done with that, it has converted to an internal representation that looks like 'javascript:alert("%e2%84")' and then when you unescape you get a byte array with the bytes 0xe2 0x84, and converting from UTF-8 you get a 0-length string because the "convert from utf-8" function involved doesn't handle malformed utf-8 very well. So nothing happens. -Boris
Received on Friday, 28 September 2012 15:46:08 UTC