W3C home > Mailing lists > Public > www-validator-cvs@w3.org > June 2004

[Bug 799] New: HTML, URI escaping issues

From: <bugzilla@wiggum.w3.org>
Date: Tue, 15 Jun 2004 22:52:49 +0000
To: www-validator-cvs@w3.org
Message-Id: <E1BaMnR-0006be-Rb@wiggum.w3.org>

http://www.w3.org/Bugs/Public/show_bug.cgi?id=799

           Summary: HTML, URI escaping issues
           Product: CSSValidator
           Version: CSS Validator
          Platform: Other
        OS/Version: other
            Status: NEW
          Severity: major
          Priority: P1
         Component: Other
        AssignedTo: ot@w3.org
        ReportedBy: ville.skytta@iki.fi
         QAContact: www-validator-cvs@w3.org


There are both HTML and URI escaping issues on the results page, and seemingly
"inside" the CSS validator too.

Missing HTML escaping, some variants:
http://jigsaw.w3.org/css-validator/validator?uri=http%3A%2F%2Fjigsaw.w3.org%2F%3Ffoo%3D%3Cscript%3Ealert%28%22hello+world%22%29%3C%2Fscript%3E&usermedium=all
http://jigsaw.w3.org/css-validator/validator?uri=%3Cscript%3Ealert%28%27hello+world%27%29%3C%2Fscript%3E&usermedium=all

Missing HTML escaping, and malformed request URI also possibly sent on the wire:
http://jigsaw.w3.org/css-validator/validator?uri=http%3A%2F%2Fwww.w3.org%2F%3Ffoo%3D%3Cscript%3Ealert%28%27hello+world%27%29%3C%2Fscript%3E&usermedium=all

Missing URI escaping:
http://jigsaw.w3.org/css-validator/validator?uri=http%3A%2F%2Fjigsaw.w3.org%2F%3Ffoo%3Dbar%26quux%3Dbaz&usermedium=all
(See the "If you would like to create a link to this page ... the URI is:" part)



------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
Received on Tuesday, 15 June 2004 18:52:50 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 23:02:06 UTC