[whatwg] IRIs and javascript: scheme
Bjoern Hoehrmann
derhoermi at gmx.net
Wed Oct 18 07:42:46 PDT 2006
* Christian Schmidt wrote:
>AFAICS "javascript:alert(123)" is not a valid IRI according to RFC 3987
>(it should be "javascript:alert%28123%29" instead) and is thus not
>allowed in an <input type="url"> field.
You are mistaken.
>This is somewhat surprising to me, and I think it will confuse users
>that they now have to manually escape their javascript: URLs when
>entering them in url input fields.
There is a note in the draft to the effect that user agents are free to
allow users enter something non-compliant so long as they fix it up be-
fore processing continues.
--
Björn Höhrmann · mailto:bjoern at hoehrmann.de · http://bjoern.hoehrmann.de
Weinh. Str. 22 · Telefon: +49(0)621/4309674 · http://www.bjoernsworld.de
68309 Mannheim · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
More information about the whatwg
mailing list