11597 – mismatch between parsing rule and valid syntax for meta refresh URL

This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 11597 - mismatch between parsing rule and valid syntax for meta refresh URL

Summary: mismatch between parsing rule and valid syntax for meta refresh URL

Status:	RESOLVED FIXED

Alias:	None

Product:	HTML WG
Classification:	Unclassified
Component:	LC1 HTML5 spec (show other bugs)
Version:	unspecified
Hardware:	PC Windows NT

Importance:	P2 normal
Target Milestone:	---
Assignee:	Ian 'Hixie' Hickson
QA Contact:	HTML WG Bugzilla archive list

URL:	http://bugzilla.validator.nu/show_bug...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2010-12-23 09:15 UTC by Julian Reschke
Modified:	2011-08-04 05:02 UTC (History)
CC List:	5 users (show)

See Also:

Attachments

Description Julian Reschke 2010-12-23 09:15:22 UTC

See http://dev.w3.org/html5/spec/Overview.html#attr-meta-http-equiv-refresh

"For meta elements with an http-equiv attribute in the Refresh state, the content attribute must have a value consisting either of:

    * just a valid non-negative integer, or
    * a valid non-negative integer, followed by a U+003B SEMICOLON character (;), followed by one or more space characters, followed by a substring that is an ASCII case-insensitive match for the string "URL", followed by a U+003D EQUALS SIGN character (=), followed by a valid URL."

This makes the following string conforming

  <meta http-equiv="Refresh" content="20; URL='foo'bar'">

as

  'foo'bar

is a valid URI reference according to RFC 3986.

However, the parsing instructions special case leading ' and " characters, and will truncate at the 2nd occurence, so the value is actually handled as

  foo

The conformance criteria apparently need to take surrounding quoted into account, may be by defining "valid optionally quoted URL".

Comment 1 Ian 'Hixie' Hickson 2011-01-06 05:36:32 UTC

I'll change it to say "...a valid URL that does not contain any literal U+0027 APOSTROPHE (') or U+0022 QUOTATION MARK (") characters".

Though if those are really allowed, I'm sure there's got to be other places where I screwed that up. Adam, your spec only defines parsing, right? Not allowed syntax?

Comment 2 Ian 'Hixie' Hickson 2011-01-06 05:46:06 UTC

zcorpan suggests s/does not contain any/does not start with a/, which seems reasonable.

Comment 3 Adam Barth 2011-01-06 05:48:23 UTC

> Though if those are really allowed, I'm sure there's got to be other places
> where I screwed that up. Adam, your spec only defines parsing, right? Not
> allowed syntax?

That's correct.

Comment 4 Ian 'Hixie' Hickson 2011-02-07 22:47:24 UTC

EDITOR'S RESPONSE: This is an Editor's Response to your comment. If you are satisfied with this response, please change the state of this bug to CLOSED. If you have additional information and would like the editor to reconsider, please reopen this bug. If you would like to escalate the issue to the full HTML Working Group, please add the TrackerRequest keyword to this bug, and suggest title and text for the tracker issue; or you may create a tracker issue yourself, if you are able to do so. For more details, see this document:
   http://dev.w3.org/html5/decision-policy/decision-policy.html

Status: Partially Accepted
Change Description: see diff given below
Rationale: The conformance criteria for authors should not be inconsistent with the parsing rules for implementors.

Comment 5 contributor 2011-02-07 22:47:48 UTC

Checked in as WHATWG revision r5840.
Check-in comment: Disallow URLs that would conflict with the way meta refreshes are parsed.
http://html5.org/tools/web-apps-tracker?from=5839&to=5840

Comment 6 Michael[tm] Smith 2011-08-04 05:02:57 UTC

mass-moved component to LC1