[whatwg] IRIs and javascript: scheme

Bjoern Hoehrmann derhoermi at gmx.net
Wed Oct 18 07:42:46 PDT 2006

* Christian Schmidt wrote:
>AFAICS "javascript:alert(123)" is not a valid IRI according to RFC 3987 
>(it should be "javascript:alert%28123%29" instead) and is thus not 
>allowed in an <input type="url"> field.

You are mistaken.

>This is somewhat surprising to me, and I think it will confuse users
>that they now have to manually escape their javascript: URLs when
>entering them in url input fields.

There is a note in the draft to the effect that user agents are free to
allow users enter something non-compliant so long as they fix it up be-
fore processing continues.
Björn Höhrmann · mailto:bjoern at hoehrmann.de · http://bjoern.hoehrmann.de
Weinh. Str. 22 · Telefon: +49(0)621/4309674 · http://www.bjoernsworld.de
68309 Mannheim · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 

More information about the whatwg mailing list