Ticket #8444 (closed Bug: invalid)
FF - <a> tag href incorrectly encoded
| Reported by: | lynne_kues | Owned by: | |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | General | Version: | 3.0 |
| Keywords: | IBM Firefox | Cc: |
Description
Run the attached code example. Click the "Test" button on the toolbar. Go to the source view. Notice that the "!" character is incorrectly encoded. Expected result is that the "!" character is not encoded, thus allowing navigation to the href to occur.
Attachments
Change History
comment:1 Changed 20 months ago by lynne_kues
- Summary changed from FF - a tag href incorrectly encoded to FF - <a> tag href incorrectly encoded
comment:2 Changed 20 months ago by j.swiderski
- Keywords Firefox added
- Status changed from new to confirmed
- Version changed from 3.4.2 to 3.0
I have managed to reproduce it from CKEditor 3.0
comment:3 Changed 19 months ago by fredck
- Status changed from confirmed to closed
- Resolution set to invalid
I've just completed a extensive research about this issue.
The first point: the browser automatically encodes "!". To prove it, just create a page with the following code:
<!DOCTYPE html>
<html>
<head>
<script>
window.onload = function()
{
alert( document.body.innerHTML );
};
</script>
</head>
<body>
<p><a href="alm://caliberrm!WL028197_20000_101/283;ns=requirement">t</a></p>
</body>
</html>
Then we have this fragment of the URI specs:
2.3. Unreserved Characters
Data characters that are allowed in a URI but do not have a reserved
purpose are called unreserved. These include upper and lower case
letters, decimal digits, and a limited set of punctuation marks and
symbols.
unreserved = alphanum | mark
mark = "-" | "_" | "." | "!" | "~" | "*" | "'" | "(" | ")"
Unreserved characters can be escaped without changing the semantics
of the URI, but this should not be done unless the URI is being used
in a context that does not allow the unescaped character to appear.
So "!" is considered a "Unreserved Characters". For some reason, the browser consider it as something that needs to be escaped on that context, but the import information here is that "Unreserved characters can be escaped without changing the semantics of the URI".
This means that if the URL has "!" escaped or not, doesn't make any difference. The browser will always see it as "!".
In fact, unlike stated by the reporter, browsers will properly navigate to the correct URL if "!" is escaped. This invalidates the ticket, considering that this is the reporter requirement.
comment:4 Changed 19 months ago by fredck
Further information on this.
I've confirmed that this issue happens just when doing custom manipulation of the editor DOM, just like the reported TC does.
If instead the link is injected through editor.setData() or editor.insertHtml(), then no escaping happens because the editor preserves the original URL.
