This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 799 - HTML, URI escaping issues
Summary: HTML, URI escaping issues
Status: RESOLVED FIXED
Alias: None
Product: CSSValidator
Classification: Unclassified
Component: Other (show other bugs)
Version: CSS Validator
Hardware: Other other
: P1 major
Target Milestone: ---
Assignee: Olivier Thereaux
QA Contact: qa-dev tracking
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-06-15 18:52 UTC by Ville Skyttä
Modified: 2004-11-25 13:29 UTC (History)
0 users

See Also:

Attachments

Description Ville Skyttä 2004-06-15 18:52:49 UTC 
There are both HTML and URI escaping issues on the results page, and seemingly
"inside" the CSS validator too.

Missing HTML escaping, some variants:
http://jigsaw.w3.org/css-validator/validator?uri=http%3A%2F%2Fjigsaw.w3.org%2F%3Ffoo%3D%3Cscript%3Ealert%28%22hello+world%22%29%3C%2Fscript%3E&usermedium=all
http://jigsaw.w3.org/css-validator/validator?uri=%3Cscript%3Ealert%28%27hello+world%27%29%3C%2Fscript%3E&usermedium=all

Missing HTML escaping, and malformed request URI also possibly sent on the wire:
http://jigsaw.w3.org/css-validator/validator?uri=http%3A%2F%2Fwww.w3.org%2F%3Ffoo%3D%3Cscript%3Ealert%28%27hello+world%27%29%3C%2Fscript%3E&usermedium=all

Missing URI escaping:
http://jigsaw.w3.org/css-validator/validator?uri=http%3A%2F%2Fjigsaw.w3.org%2F%3Ffoo%3Dbar%26quux%3Dbaz&usermedium=all
(See the "If you would like to create a link to this page ... the URI is:" part)