[webkit-reviews] review requested: [Bug 8770] XMLHttpRequest should
strip CR/LF characters from the URL : [Attachment 8251] proposed fix
bugzilla-request-daemon at opendarwin.org
bugzilla-request-daemon at opendarwin.org
Thu May 11 12:58:15 PDT 2006
Alexey Proskuryakov <ap at nypop.com> has asked for review:
Bug 8770: XMLHttpRequest should strip CR/LF characters from the URL
http://bugzilla.opendarwin.org/show_bug.cgi?id=8770
Attachment 8251: proposed fix
http://bugzilla.opendarwin.org/attachment.cgi?id=8251&action=edit
------- Additional Comments from Alexey Proskuryakov <ap at nypop.com>
Yes, both Firefox and WinIE strip CR, LF and TAB, and this happens for all
URLs, not just XMLHttpRequest (I've tried IFRAME SRC, window.location and META
HTTP-EQUIV Refresh). No other characters from 0x01... 0x20 are stripped (as
tested with Firefox).
No idea why they do this, doesn't really look like a security measure. My only
wild guess is that this behavior originates with Gopher selector syntax :-)
More information about the webkit-reviews
mailing list