#124 closed defect (fixed)
'+' isn't properly escaped for bind requests
| Reported by: | david | Owned by: | david |
|---|---|---|---|
| Priority: | high | Milestone: | |
| Component: | General | Version: | 0.1 |
| Keywords: | bind encoding | Cc: | |
| Blocked By: | Blocking: |
Description
bind using a formNode that has a field with a value with a '+' in it and try a GET (haven't tested POST) and the '+' will get passed in the clear. This is bad because '+' are read as spaces by servers.
Change History (5)
comment:1 Changed 15 years ago by
| Status: | new → assigned |
|---|
comment:2 Changed 15 years ago by
| Milestone: | → 0.1release |
|---|
comment:3 Changed 15 years ago by
| Milestone: | 0.1release → 0.2release |
|---|
So I'm wary of this bug because we're relying on the built-in encodeURIComponent() method in JS in most cases, so if the plus char isn't getting escaped correctly, that would seem to be something we shouldn't really be handling. OTOH, it could be our bug in encodeAscii(). Either way, it should be cleared up for 0.2.
comment:4 Changed 15 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
This was fixed in [1630].
Note: See
TracTickets for help on using
tickets.
So I'm wary of this bug because we're relying on the built-in encodeURIComponent() method in JS in most cases, so if the plus char isn't getting escaped correctly, that would seem to be something we shouldn't really be handling. OTOH, it could be our bug in encodeAscii(). Either way, it should be cleared up for 0.2.