- From: Simon Sapin <simon.sapin@kozea.fr>
- Date: Tue, 22 May 2012 12:17:00 +0200
- To: Cameron McCormack <cam@mcc.id.au>
- CC: "www-style@w3.org" <www-style@w3.org>
Le 22/05/2012 07:59, Cameron McCormack a écrit :
> Does CSS allow IRIs to be used inside url() values?
>
> data:text/html;charset=utf-8;base64,PCFkb2N0eXBlIGh0bWw%2BPGJvZHkgc3R5bGU9ImJhY2tncm91bmQtaW1hZ2U6IHVybChodHRwOi8vcsOka3Ntw7ZyZ8Olcy5qb3NlZnNzb24ub3JnL3Jha3Ntb3JnYXMuanBnIj4%3D
>
> seems to work in various browsers. zcorpan pointed out to me that
> css3-syntax should parse the entire url(...iri...) into a URI token, but
> I don't see anything inhttp://dev.w3.org/csswg/css3-values/#urls that
> says how to interpret the bit of the token between the parens and the
> optional quotes (i.e. as a URI, an IRI, or something else).
I asked more or less the same recently:
http://lists.w3.org/Archives/Public/www-style/2012May/0590.html
As you can see there, Firefox and Chrome (I did not test in other
browsers) seem to have a consistent behavior:
* Accept any Unicode string (CSS syntax allows any codepoint through
backslash-hex escaping)
* For any character not allowed at all[1] in URIs, encode to UTF-8 then
%-encode. This is much like RFC 3987’s "Mapping of IRIs to URIs".
* Do not bother checking any validity
[1] All characters that are neither reserved, unreserved nor '%'
Examples:
url('>é') (invalid IRI because '>' is not allowed) is encoded to
%3E%C3%A9, a valid URI.
url('%é') (invalid IRI because '%' is not followed by a hex code) is
encoded to %%C3%A9, which is still invalid. The browsers makes the
request anyway and (with most HTTP servers) gets a "400 Bad Request"
response.
We could keep this behavior (CSS doesn’t care, fetching may fail at a
lower level) or require more restrictive checks. But in any case, as you
say, css3-values needs to have something on the subject.
--
Simon Sapin
Received on Tuesday, 22 May 2012 10:17:54 UTC