[whatwg] URL: javascript URLs
Boris Zbarsky
bzbarsky at MIT.EDU
Fri Sep 28 08:45:33 PDT 2012
On 9/28/12 11:34 AM, Boris Zbarsky wrote:
> I'm not sure why it never hits the alert. A similar testcase not inside
> the live dom viewer works just fine.
Oh, I see why it's different.
In the case I was testing (just loading a file from file://), the
javascript: URI is created from the string 'javascript:alert("%E2%84")'
with charset set to ISO-8859-1. When the URI parser is done with that,
it has converted it to an internal representation that looks like
'javascript:alert("%C3%A2%E2%80%9E")' and then when you unescape and
convert from UTF-8 you get those original two ISO-8859-1 chars.
But on the live dom viewer, the URI is being created from the same
string, but with charset set to UTF-8. When the URI parser is done with
that, it has converted to an internal representation that looks like
'javascript:alert("%e2%84")' and then when you unescape you get a byte
array with the bytes 0xe2 0x84, and converting from UTF-8 you get a
0-length string because the "convert from utf-8" function involved
doesn't handle malformed utf-8 very well. So nothing happens.
-Boris
More information about the whatwg
mailing list