bzbarsky at MIT.EDU
Fri Sep 28 07:52:54 PDT 2012
On 9/28/12 7:45 AM, Anne van Kesteren wrote:
> http://url.spec.whatwg.org/ and would like some help. You get the
> inbetween of course, and then removing the percent encoding (for
> non-hierarchical URLs query appears to be part of the path). Then you
> What I am wondering about is why e.g. %E2%84 results in a code point
> in both Gecko and Chrome and whether that is required for
> compatibility (in Opera I get U+FFFD as I expected).
the same thing for me in Gecko, Chrome, and Opera. What are you
> bz also described some kind of special byte-based script in
> but it appears no other browser has that.
That was for treatment of the return value, not for figuring out the
string to execute, right?
you should consider defining the following, to the extent that they're
not already defined:
1) Whether the script executes (compare <img src> vs <iframe src>),
but note that some UAs _do_ run the script for <img src>, but in
2) When the script evaluates (sync vs async, say).
3) The global object the script evaluates against.
4) The origin and effective script origin of the script.
5) What happens when this doesn't match the origin or effective script
origin or whatever of the global object the script is evaluating
6) Interactions with sandboxed iframes and CSP. What happens when
the parent page sets the location of a sandboxed iframe to a
there is UA interop here.
7) Handling of the return value of the script.
Thanks for doing this!
More information about the whatwg