Opened 12 years ago

Closed 12 years ago

Last modified 12 years ago

#8444 closed Bug (invalid)

FF - <a> tag href incorrectly encoded

Reported by: Lynne Kues Owned by:
Priority: Normal Milestone:
Component: General Version: 3.0
Keywords: IBM Firefox Cc:


Run the attached code example. Click the "Test" button on the toolbar. Go to the source view. Notice that the "!" character is incorrectly encoded. Expected result is that the "!" character is not encoded, thus allowing navigation to the href to occur.

Attachments (1)

url-encoding.html (1.7 KB) - added by Lynne Kues 12 years ago.

Download all attachments as: .zip

Change History (5)

Changed 12 years ago by Lynne Kues

Attachment: url-encoding.html added

comment:1 Changed 12 years ago by Lynne Kues

Summary: FF - a tag href incorrectly encodedFF - <a> tag href incorrectly encoded

comment:2 Changed 12 years ago by Jakub Ś

Keywords: Firefox added
Status: newconfirmed

I have managed to reproduce it from CKEditor 3.0

comment:3 Changed 12 years ago by Frederico Caldeira Knabben

Resolution: invalid
Status: confirmedclosed

I've just completed a extensive research about this issue.

The first point: the browser automatically encodes "!". To prove it, just create a page with the following code:

<!DOCTYPE html>

window.onload = function()
	alert( document.body.innerHTML );

	<p><a href="alm://caliberrm!WL028197_20000_101/283;ns=requirement">t</a></p>

Then we have this fragment of the URI specs:

2.3. Unreserved Characters

   Data characters that are allowed in a URI but do not have a reserved
   purpose are called unreserved.  These include upper and lower case
   letters, decimal digits, and a limited set of punctuation marks and

      unreserved  = alphanum | mark

      mark        = "-" | "_" | "." | "!" | "~" | "*" | "'" | "(" | ")"

   Unreserved characters can be escaped without changing the semantics
   of the URI, but this should not be done unless the URI is being used
   in a context that does not allow the unescaped character to appear.

So "!" is considered a "Unreserved Characters". For some reason, the browser consider it as something that needs to be escaped on that context, but the import information here is that "Unreserved characters can be escaped without changing the semantics of the URI".

This means that if the URL has "!" escaped or not, doesn't make any difference. The browser will always see it as "!".

In fact, unlike stated by the reporter, browsers will properly navigate to the correct URL if "!" is escaped. This invalidates the ticket, considering that this is the reporter requirement.

comment:4 Changed 12 years ago by Frederico Caldeira Knabben

Further information on this.

I've confirmed that this issue happens just when doing custom manipulation of the editor DOM, just like the reported TC does.

If instead the link is injected through editor.setData() or editor.insertHtml(), then no escaping happens because the editor preserves the original URL.

Note: See TracTickets for help on using tickets.
© 2003 – 2022, CKSource sp. z o.o. sp.k. All rights reserved. | Terms of use | Privacy policy