[Webkit-unassigned] [Bug 14302] New: javascript: URIs in the address field are not decoded before being passed to the scripting engine

Thu Jun 21 19:40:37 PDT 2007

http://bugs.webkit.org/show_bug.cgi?id=14302

           Summary: javascript: URIs in the address field are not decoded
                    before being passed to the scripting engine
           Product: WebKit
           Version: 522+ (nightly)
          Platform: PC
        OS/Version: Windows XP
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P4
         Component: New Bugs
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: shadow2531 at gmail.com

Test1
Enter javascript:%2F%2F%09%2F%2F%0D%0Aalert(%22PASS%22)%3B in the address
field.

Expected: It should alert PASS
Result: Nothing

Test2
Enter javascript:alert('%E2%88%9A')%3B in the address field.

Expected: It should alert (in the English version at least) √ (as in the
radic symbol represented by \u221A)
Result: Nothing

Reason: Safari only accepts raw javascript URIs. Properly-encoded ones are not
decoded. Firefox, IE and Opera handle them (although Opera currently has
problems with the newlines and tabs in the first example and IE and Opera use
the wrong code page for the second).

This breaks all properly-encoded bookmarklets.

Solution: Decode the data after 'javascript:' before passing to the scripting
engine. (As in, do like Firefox. More or less, do decodeURIComponent-like on
the data)

I think this is the newest JS URI scheme.
http://ietfreport.isoc.org/all-ids/draft-hoehrmann-javascript-scheme-00.txt

-- 
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.