Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#8444 closed Bug (invalid)

FF - <a> tag href incorrectly encoded

Reported by: lynne_kues Owned by:
Priority: Normal Milestone:
Component: General Version: 3.0
Keywords: IBM Firefox Cc:


Run the attached code example. Click the "Test" button on the toolbar. Go to the source view. Notice that the "!" character is incorrectly encoded. Expected result is that the "!" character is not encoded, thus allowing navigation to the href to occur.

Attachments (1)

url-encoding.html (1.7 KB) - added by lynne_kues 6 years ago.

Download all attachments as: .zip

Change History (5)

Changed 6 years ago by lynne_kues

comment:1 Changed 6 years ago by lynne_kues

  • Summary changed from FF - a tag href incorrectly encoded to FF - <a> tag href incorrectly encoded

comment:2 Changed 6 years ago by j.swiderski

  • Keywords Firefox added
  • Status changed from new to confirmed
  • Version changed from 3.4.2 to 3.0

I have managed to reproduce it from CKEditor 3.0

comment:3 Changed 6 years ago by fredck

  • Resolution set to invalid
  • Status changed from confirmed to closed

I've just completed a extensive research about this issue.

The first point: the browser automatically encodes "!". To prove it, just create a page with the following code:

<!DOCTYPE html>

window.onload = function()
	alert( document.body.innerHTML );

	<p><a href="alm://caliberrm!WL028197_20000_101/283;ns=requirement">t</a></p>

Then we have this fragment of the URI specs:

2.3. Unreserved Characters

   Data characters that are allowed in a URI but do not have a reserved
   purpose are called unreserved.  These include upper and lower case
   letters, decimal digits, and a limited set of punctuation marks and

      unreserved  = alphanum | mark

      mark        = "-" | "_" | "." | "!" | "~" | "*" | "'" | "(" | ")"

   Unreserved characters can be escaped without changing the semantics
   of the URI, but this should not be done unless the URI is being used
   in a context that does not allow the unescaped character to appear.

So "!" is considered a "Unreserved Characters". For some reason, the browser consider it as something that needs to be escaped on that context, but the import information here is that "Unreserved characters can be escaped without changing the semantics of the URI".

This means that if the URL has "!" escaped or not, doesn't make any difference. The browser will always see it as "!".

In fact, unlike stated by the reporter, browsers will properly navigate to the correct URL if "!" is escaped. This invalidates the ticket, considering that this is the reporter requirement.

comment:4 Changed 6 years ago by fredck

Further information on this.

I've confirmed that this issue happens just when doing custom manipulation of the editor DOM, just like the reported TC does.

If instead the link is injected through editor.setData() or editor.insertHtml(), then no escaping happens because the editor preserves the original URL.

Note: See TracTickets for help on using tickets.
© 2003 – 2016 CKSource – Frederico Knabben. All rights reserved. | Terms of use | Privacy policy