IETF Logo Mail Archive

Re: Last Call: <draft-holsten-about-uri-scheme-06.txt> (The 'about' URI scheme) to Proposed Standard

Julian Reschke <julian.reschke@gmx.de> Wed, 15 June 2011 10:13 UTC

Return-Path: <julian.reschke@gmx.de>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F1D1C11E8074 for <ietf@ietfa.amsl.com>; Wed, 15 Jun 2011 03:13:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.262
X-Spam-Level:
X-Spam-Status: No, score=-103.262 tagged_above=-999 required=5 tests=[AWL=-1.262, BAYES_00=-2.599, J_CHICKENPOX_55=0.6, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bLwLaHLIfKun for <ietf@ietfa.amsl.com>; Wed, 15 Jun 2011 03:13:14 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.23]) by ietfa.amsl.com (Postfix) with SMTP id 0942111E8070 for <ietf@ietf.org>; Wed, 15 Jun 2011 03:13:13 -0700 (PDT)
Received: (qmail invoked by alias); 15 Jun 2011 10:13:12 -0000
Received: from mail.greenbytes.de (EHLO [192.168.1.140]) [217.91.35.233] by mail.gmx.net (mp069) with SMTP; 15 Jun 2011 12:13:12 +0200
X-Authenticated: #1915285
X-Provags-ID: V01U2FsdGVkX1/FrPZ999LFlE1gYsZCaWGGBO5XQay2+JgsN3e1zt Vl4VX14nZM71jZ
Message-ID: <4DF885B5.4020202@gmx.de>
Date: Wed, 15 Jun 2011 12:13:09 +0200
From: Julian Reschke <julian.reschke@gmx.de>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko/20110414 Lightning/1.0b2 Thunderbird/3.1.10
MIME-Version: 1.0
To: Mykyta Yevstifeyev <evnikita2@gmail.com>
Subject: Re: Last Call: <draft-holsten-about-uri-scheme-06.txt> (The 'about' URI scheme) to Proposed Standard
References: <4D3A64FF.1020000@mit.edu> <4DF87637.2000301@gmail.com>
In-Reply-To: <4DF87637.2000301@gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Y-GMX-Trusted: 0
Cc: Alexey Melnikov <alexey.melnikov@isode.com>, Boris Zbarsky <bzbarsky@MIT.EDU>, draft-holsten-about-uri-scheme@tools.ietf.org, IETF Discussion <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Jun 2011 10:13:15 -0000

On 2011-06-15 11:07, Mykyta Yevstifeyev wrote:
> ...
>> 2) Section 6 says:
>>
>> For example, "about:blank", "about:blan%6B" and "about:blan%6b"
>> are equivalent
>>
>> In Gecko they are not. The string after ':' is treated as a literal
>> string; when looking up a way to handle the URI the second and third
>> URIs above are treated as unparseable by Gecko in its default
>> configuration. Changing this has some security implications that would
>> require careful auditing of not only Gecko code but some
>> specifications (e.g. HTML5 defines certain special-case security
>> behavior for about:blank that's not obviously safe to apply to the
>> other strings above).
>>
>> The same section says:
>>
>> Similarly, "about:blank%3F" is not equivalent to "about:blank?".
>>
>> which I think is trying to explain by example that only unreserved
>> characters need to be unescaped. But that assumes an implementation of
>> RFC 3986 which may or may not be the case in web browsers (and is NOT
>> the case in Gecko, for example, for various web-compatibility
>> reasons). Unless there are very strong reasons for it, I would
>> recommend that no normalization is performed on about: URIs, period.
> The point of this comment is to propose abandoning normalization of
> 'about' URIs because of some ad hoc behavior of an only application -
> Gecko. The purpose of our draft is to give a stable specification of the
> scheme and normalize all existing types of behavior with regard to
> handling 'about' URIs. It will be easier for Gecko to change its
> behavior rather than for other apps to do this.
> ...

I agree that not treating them as equivalent is a bug.

That being said, if our Mozilla friends do not want to fix this it might 
be a good idea to warn readers that certain implementations fail to 
properly unescape, thus it's unwise to rely on that behavior (why would 
you anyway?).

Best regards, Julian

v2.23.0 | Report a Bug | By Email