Issue 613195 link

Starred by 1 user

Issue metadata

Status:	WontFix
Owner:	----
Closed:	May 2016
EstimatedDays:	----
NextAction:	----
OS:	----
Pri:	----
Type:	Bug

Security: '&copy' in html urls are transformed to 86%C2%A9

Reported by maarten....@woensdag.com, May 19 2016

Issue description

VULNERABILITY DETAILS
When having an url in html
<a href="/?cPath=2&categories_id=2&action=copy_to_confirm&products_id=86&copy_as=duplicate">xxx</a>

Chrome will convert this to
"/?cPath=2&categories_id=2&action=copy_to_confirm&products_id=86%C2%A9_as=duplicate"

Or: the copymark char (see attachment)




VERSION
Chrome Version 49.0.2623.112 m
Operating System: Windows 7

	2016-05-19 18_25_59-.png 4.2 KB View Download

Comment 1 by lgar...@chromium.org, May 19 2016

Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Type-Bug
Status: WontFix (was: Unconfirmed)

Per http://stackoverflow.com/a/3705601:

"HTML entities are parsed inside HTML attributes, and a stray & would create an ambiguity. That's why you should always write &amp; instead of just & inside all HTML attributes."

Browsers are lenient about this, presumably for backwards compatibility. However, the only safe thing is to encode all ampersands in HTML, which I recommend you do.

►

Issue 613195 link

Issue metadata

Security: '&copy' in html urls are transformed to 86%C2%A9

Issue description

Comment 1 by lgar...@chromium.org, May 19 2016

Comment 1 Deleted

Sign in to add a comment