Non-printable characters not displayed by URL bar
Posted: 2015-10-14, 05:35
Trying to test the robustness of a CGI application, I tried entering various kinds of inputs through Pale Moon's URL bar, which caused various anomalies with non-printable characters as described below:
For example, when I visit the URL:
the request is sent correctly, but the URL bar just displays:
Copying is a different story altogether, with various level of inconsistencies:
Ctrl+L, Ctrl+C, Ctrl+V:
Here, stopping at the very first NUL character, or at the very last NUL character would have made sense, but why it'd get stuck at the position it does in this case, is, well, weird.
Click-and-drag to select, from cgi-bin till the end of the address in the URL bar:
This one is just plainly incorrect.
As far as copying is concerned, the Windows clipboard may also have some form of involvement in these anomalies. However, the display of the URLs is confirmed to be a bug, and probably can be worked around by some checks on the data encoded, and then either URLencoding it (%xx) or leaving them in their normal display format.
URLs with non-printable characters are not at all common, so this issue can take a backseat over more pressing issues, but eventually I'd like this bug to be resolved.
For example, when I visit the URL:
Code: Select all
http://localhost/cgi-bin/test.exe?q=ab%15%00%27cd%00%20%00Code: Select all
00000000 68 74 74 70 3a 2f 2f 6c 6f 63 61 6c 68 6f 73 74 |http://localhost|
00000010 2f 63 67 69 2d 62 69 6e 2f 74 65 73 74 2e 65 78 |/cgi-bin/test.ex|
00000020 65 3f 71 3d 61 62 27 63 64 20 |e?q=ab'cd |
Ctrl+L, Ctrl+C, Ctrl+V:
Code: Select all
00000000 68 74 74 70 3a 2f 2f 6c 6f 63 61 6c 68 6f 73 74 |http://localhost|
00000010 2f 63 67 69 2d 62 69 6e 2f 74 65 73 74 2e 65 78 |/cgi-bin/test.ex|
00000020 65 3f 71 3d 61 62 25 31 35 25 30 30 25 32 37 63 |e?q=ab%15%00%27c|
00000030 64 |d|
Click-and-drag to select, from cgi-bin till the end of the address in the URL bar:
Code: Select all
00000000 63 67 69 2d 62 69 6e 2f 74 65 73 74 2e 65 78 65 |cgi-bin/test.exe|
00000010 3f 71 3d 61 62 15 |?q=ab.|
As far as copying is concerned, the Windows clipboard may also have some form of involvement in these anomalies. However, the display of the URLs is confirmed to be a bug, and probably can be worked around by some checks on the data encoded, and then either URLencoding it (%xx) or leaving them in their normal display format.
URLs with non-printable characters are not at all common, so this issue can take a backseat over more pressing issues, but eventually I'd like this bug to be resolved.