New issue
Advanced search Search tips

Issue 613195 link

Starred by 1 user

Issue metadata

Status: WontFix
Owner: ----
Closed: May 2016
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug



Sign in to add a comment

Security: '&copy' in html urls are transformed to 86%C2%A9

Reported by maarten....@woensdag.com, May 19 2016

Issue description

VULNERABILITY DETAILS
When having an url in html
<a href="/?cPath=2&categories_id=2&action=copy_to_confirm&products_id=86&copy_as=duplicate">xxx</a>

Chrome will convert this to
"/?cPath=2&categories_id=2&action=copy_to_confirm&products_id=86%C2%A9_as=duplicate"

Or: the copymark char (see attachment)




VERSION
Chrome Version 49.0.2623.112 m
Operating System: Windows 7

 
2016-05-19 18_25_59-.png
4.2 KB View Download
Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Type-Bug
Status: WontFix (was: Unconfirmed)
Per http://stackoverflow.com/a/3705601:

"HTML entities are parsed inside HTML attributes, and a stray & would create an ambiguity. That's why you should always write &amp; instead of just & inside all HTML attributes."

Browsers are lenient about this, presumably for backwards compatibility. However, the only safe thing is to encode all ampersands in HTML, which I recommend you do.

Sign in to add a comment