This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
https://url.spec.whatwg.org/#url-parsing [[ utf-8 percent encode c using the simple encode set, and append the result to url's fragment. ]] See http://software.hixie.ch/utilities/js/live-dom-viewer/saved/3290
*** Bug 26988 has been marked as a duplicate of this bug. ***
Given what IE and Chrome do it seems we should follow them and not escape code points in the fragment state. Only Safari follows the specification here. Gecko is somewhere inbetween.
Just checking, we should still percent encode anything that is not a URL code point, right? https://url.spec.whatwg.org/#url-code-points
As far as I can tell that is not what happens. All code points except maybe 0x00 and the newlines are passed through as is. Simon's test also needs to be modified to put an "x" at the end of the fragment identifier, to ensure stripping of code points less than 0x21 does not happen.
http://software.hixie.ch/utilities/js/live-dom-viewer/saved/3322
So as a comment in the specification reminded me, different things happen for non-relative schemes. E.g. if you use "test" as your URL scheme, Chrome will percent-encode code points higher than U+007F. IE does not, so I'm still inclined to make this change, but that does indicate that this is a bit riskier.
I gave up on bikeshed since I think rubys has a different bikeshed that supports stringifier which I don't get when I pull the latest bikeshed and run update on it... https://github.com/whatwg/url/pull/13
Fixed by https://github.com/whatwg/url/commit/05cbe06bfacf1e477df3d81234492413ca16acbf and https://github.com/w3c/web-platform-tests/pull/1471 Fix is to no longer escape code points in fragments and ignore U+0000 in fragments in addition to newlines.