27252 2014-11-05 15:04:00 +0000 Figure out which characters to escape in fragment 2014-12-16 12:39:09 +0000 1 1 1 Unclassified WHATWG URL unspecified PC All RESOLVED FIXED https://bugzilla.mozilla.org/show_bug.cgi?id=1093611 P2 normal Unsorted 1 zcorpan rubys annevk contributor mike rubys sideshowbarker+urlspec oldest_to_newest 114559 0 zcorpan 2014-11-05 15:04:00 +0000 https://url.spec.whatwg.org/#url-parsing [[ utf-8 percent encode c using the simple encode set, and append the result to url's fragment. ]] See http://software.hixie.ch/utilities/js/live-dom-viewer/saved/3290 115612 1 annevk 2014-11-27 10:28:40 +0000 *** Bug 26988 has been marked as a duplicate of this bug. *** 115613 2 annevk 2014-11-27 10:31:18 +0000 Given what IE and Chrome do it seems we should follow them and not escape code points in the fragment state. Only Safari follows the specification here. Gecko is somewhere inbetween. 115696 3 rubys 2014-11-30 01:21:50 +0000 Just checking, we should still percent encode anything that is not a URL code point, right? https://url.spec.whatwg.org/#url-code-points 115700 4 annevk 2014-11-30 10:49:23 +0000 As far as I can tell that is not what happens. All code points except maybe 0x00 and the newlines are passed through as is. Simon's test also needs to be modified to put an "x" at the end of the fragment identifier, to ensure stripping of code points less than 0x21 does not happen. 115726 5 zcorpan 2014-12-01 09:25:03 +0000 http://software.hixie.ch/utilities/js/live-dom-viewer/saved/3322 116209 6 annevk 2014-12-12 12:05:24 +0000 So as a comment in the specification reminded me, different things happen for non-relative schemes. E.g. if you use "test" as your URL scheme, Chrome will percent-encode code points higher than U+007F. IE does not, so I'm still inclined to make this change, but that does indicate that this is a bit riskier. 116210 7 annevk 2014-12-12 12:40:40 +0000 I gave up on bikeshed since I think rubys has a different bikeshed that supports stringifier which I don't get when I pull the latest bikeshed and run update on it... https://github.com/whatwg/url/pull/13 116373 8 rubys 2014-12-16 12:39:09 +0000 Fixed by https://github.com/whatwg/url/commit/05cbe06bfacf1e477df3d81234492413ca16acbf and https://github.com/w3c/web-platform-tests/pull/1471 Fix is to no longer escape code points in fragments and ignore U+0000 in fragments in addition to newlines.