Bug 452979 - Invisible control characters in URL MUST NOT be decoded when showing its address (r=gavin)
authormasa141421356@gmail.com
Tue, 06 Jan 2009 09:41:34 -0800
changeset 23374 4af786d20e41081558a87db23f3d7690c5512933
parent 23373 e38385c26b20c6b400525c353c4937a13abfcb59
child 23375 309711a732acd1ccfad3fe3d5da57a67767948de
push id1
push userroot
push dateTue, 26 Apr 2011 22:38:44 +0000
treeherdermozilla-beta@bfdb6e623a36 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersgavin
bugs452979
milestone1.9.2a1pre
Bug 452979 - Invisible control characters in URL MUST NOT be decoded when showing its address (r=gavin)
browser/base/content/browser.js
--- a/browser/base/content/browser.js
+++ b/browser/base/content/browser.js
@@ -2119,19 +2119,20 @@ function losslessDecodeURI(aURI) {
                 //    ';', '/', '?', ':', '@', '&', '=', '+', '$', ',', '#'
                 //    (RFC 3987 section 3.2)
                 // 2. Re-encode whitespace so that it doesn't get eaten away
                 //    by the location bar (bug 410726).
                 .replace(/%(?!3B|2F|3F|3A|40|26|3D|2B|24|2C|23)|[\r\n\t]/ig,
                          encodeURIComponent);
     } catch (e) {}
 
-  // Encode invisible characters (invisible control characters, soft hyphen,
-  // zero-width space, BOM, line separator, paragraph separator) (bug 452979)
-  value = value.replace(/[\v\x0c\x1c\x1d\x1e\x1f\u00ad\u200b\ufeff\u2028\u2029]/g,
+  // Encode invisible characters (soft hyphen, zero-width space, BOM,
+  // line and paragraph separator, word joiner, invisible times,
+  // invisible separator, object replacement character) (bug 452979)
+  value = value.replace(/[\v\x0c\x1c\x1d\x1e\x1f\u00ad\u200b\ufeff\u2028\u2029\u2060\u2062\u2063\ufffc]/g,
                         encodeURIComponent);
 
   // Encode bidirectional formatting characters.
   // (RFC 3987 sections 3.2 and 4.1 paragraph 6)
   value = value.replace(/[\u200e\u200f\u202a\u202b\u202c\u202d\u202e]/g,
                         encodeURIComponent);
   return value;
 }