6670 2009-03-09 18:49:15 +0000 Allow unescaped &s, at least in attributes that accept URLs 2011-11-23 07:09:37 +0000 1 1 1 Unclassified HTML WG pre-LC1 HTML5 spec (editor: Ian Hickson) unspecified All All VERIFIED WONTFIX NoReply P2 normal --- 1 ian ian jens julian.reschke mathias mike public-html-admin public-html-wg-issue-tracking public-html-bugzilla oldest_to_newest 24111 0 ian 2009-03-09 18:49:15 +0000 Based on data from Google, requiring &s to be escaped in URL-heavy pages (like most major sites) causes something like a 6% increase in file size. This error seems more common than the error it is trying to catch (accidentally forgetting the semicolon in an entity), but it would leave sites exposed to accidental entities, e.g. in the case of: http://example.com?cut©paste;color&style&bold 24122 1 ian 2009-03-10 00:55:24 +0000 maybe only if followed by alphanumeric ASCII and an equals sign? 24147 2 lachlan.hunt 2009-03-11 08:52:44 +0000 It is useful to know if a semi-colon has accidentally been omitted from an entity reference, or if you've unintentionally used a sequence that looks like an entity reference. This could be defined so that it is valid when: 1. The value is alphanumeric ASCII followed an equals sign 2. The value does not match one of the defined entity references. So the most common cases of "?x&foo=1" would be valid. But "?x&copy=1" would be invalid because © is an entity and, in this case, would be resolved to "?x©=1", which is not likely what the author wants. 24474 3 ian 2009-04-01 01:50:10 +0000 "?x&copy=1" in an attribute would not be treated as an entity, though, so the author still wouldn't be affected... Are you sure we need to check for matches even though they won't be handled as such? Maybe I don't really understand what you are proposing. 25351 4 ian 2009-05-29 00:15:51 +0000 I've tried to do this. The spec text for this is highly unintuitive, but I hope it matches practical intuition more than the previous text. I'm not compeltely convinced that this is a good idea, so let me know if you think this should be changed back. 25426 5 lachlan.hunt 2009-06-02 13:16:17 +0000 (In reply to comment #3) > "?x&copy=1" in an attribute would not be treated as an entity Yes it would because "&copy" is one of the entity references that needs to be supported without the use of the semi-colon on the end. Try it. http://software.hixie.ch/utilities/js/live-dom-viewer/?%3C!DOCTYPE%20html%3E%0A%3Ca%20href%3D%22%3Fx%26copy%3D1%22%3Etest%3C%2Fa%3E 25569 6 ian 2009-06-12 22:24:40 +0000 Reverted. 33068 7 mjs 2010-03-14 13:17:02 +0000 This bug predates the HTML Working Group Decision Policy. If you are satisfied with the resolution of this bug, please change the state of this bug to CLOSED. If you have additional information and would like the editor to reconsider, please reopen this bug. If you would like to escalate the issue to the full HTML Working Group, please add the TrackerRequest keyword to this bug, and suggest title and text for the tracker issue; or you may create a tracker issue yourself, if you are able to do so. For more details, see this document: http://dev.w3.org/html5/decision-policy/decision-policy.html This bug is now being moved to VERIFIED. Please respond within two weeks. If this bug is not closed, reopened or escalated within two weeks, it may be marked as NoReply and will no longer be considered a pending comment. 49632 8 julian.reschke 2011-06-15 10:07:49 +0000 Apparently, this change *was* applied later on. Is there another bug related to this?