Ticket #8444 (closed Bug: invalid)

Opened 3 years ago

Last modified 2 years ago

FF - <a> tag href incorrectly encoded

Reported by: lynne_kues Owned by:
Priority: Normal Milestone:
Component: General Version: 3.0
Keywords: IBM Firefox Cc:

Description

Run the attached code example. Click the "Test" button on the toolbar. Go to the source view. Notice that the "!" character is incorrectly encoded. Expected result is that the "!" character is not encoded, thus allowing navigation to the href to occur.

Attachments

url-encoding.html (1.7 KB) - added by lynne_kues 3 years ago.

Change History

Changed 3 years ago by lynne_kues

comment:1 Changed 3 years ago by lynne_kues

  • Summary changed from FF - a tag href incorrectly encoded to FF - <a> tag href incorrectly encoded

comment:2 Changed 3 years ago by j.swiderski

  • Keywords Firefox added
  • Status changed from new to confirmed
  • Version changed from 3.4.2 to 3.0

I have managed to reproduce it from CKEditor 3.0

comment:3 Changed 2 years ago by fredck

  • Status changed from confirmed to closed
  • Resolution set to invalid

I've just completed a extensive research about this issue.

The first point: the browser automatically encodes "!". To prove it, just create a page with the following code:

<!DOCTYPE html>
<html>
<head>
	<script>

window.onload = function()
{
	alert( document.body.innerHTML );
};

	</script>
</head>
<body>
	<p><a href="alm://caliberrm!WL028197_20000_101/283;ns=requirement">t</a></p>
</body>
</html>

Then we have this fragment of the URI specs:

2.3. Unreserved Characters

   Data characters that are allowed in a URI but do not have a reserved
   purpose are called unreserved.  These include upper and lower case
   letters, decimal digits, and a limited set of punctuation marks and
   symbols.

      unreserved  = alphanum | mark

      mark        = "-" | "_" | "." | "!" | "~" | "*" | "'" | "(" | ")"

   Unreserved characters can be escaped without changing the semantics
   of the URI, but this should not be done unless the URI is being used
   in a context that does not allow the unescaped character to appear.

So "!" is considered a "Unreserved Characters". For some reason, the browser consider it as something that needs to be escaped on that context, but the import information here is that "Unreserved characters can be escaped without changing the semantics of the URI".

This means that if the URL has "!" escaped or not, doesn't make any difference. The browser will always see it as "!".

In fact, unlike stated by the reporter, browsers will properly navigate to the correct URL if "!" is escaped. This invalidates the ticket, considering that this is the reporter requirement.

comment:4 Changed 2 years ago by fredck

Further information on this.

I've confirmed that this issue happens just when doing custom manipulation of the editor DOM, just like the reported TC does.

If instead the link is injected through editor.setData() or editor.insertHtml(), then no escaping happens because the editor preserves the original URL.

Note: See TracTickets for help on using tickets.
© 2003 – 2012 CKSource – Frederico Knabben. All rights reserved. | Terms of use | Privacy policy