19209 – Urls can contain &.

This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 19209 - Urls can contain &.

Summary: Urls can contain &.

Status:	NEW

Alias:	None

Product:	HTML Checker
Classification:	Unclassified
Component:	General (show other bugs)
Version:	unspecified
Hardware:	PC All

Importance:	P2 normal
Target Milestone:	---
Assignee:	Michael[tm] Smith
QA Contact:	qa-dev tracking

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2012-10-02 15:00 UTC by Steve Buzonas
Modified:	2015-08-23 06:58 UTC (History)
CC List:	2 users (show)

See Also:	https://bugzilla.mozilla.org/show_bug.cgi?id=1153920

Attachments

Description Steve Buzonas 2012-10-02 15:00:31 UTC

In the src attributes for script, img, etc a valid url can have an & in it without being escaped.

The message for a script tag with a query string in the url and multiple parameters with & as the delimiter:

"& did not start a character reference. (& probably should have been escaped as &amp;.)"

Comment 1 Michael[tm] Smith 2012-10-26 06:31:01 UTC

I wrote an experimental patch for this and push it to http://qa-dev.w3.org:8888/

So for now you can test it there and please let me know if find any problems.

I'll try to get the patch landed in the sources soon and pushed out to the production validator.

Comment 2 brandon 2014-04-06 19:38:54 UTC

As of 2014-4-6 this bug still exists in the production validator.

Comment 3 Michael[tm] Smith 2015-04-13 17:30:34 UTC

patch under review at https://bugzilla.mozilla.org/show_bug.cgi?id=1153920