[Mimedefang] OT: Browser Bug: Very bad in IE and varies on Netscape and Mozilla

Jonas Eckerman jonas_lists at frukt.org
Sat Dec 20 21:38:04 EST 2003


Kinda OT, but here goes...

On Fri, 19 Dec 2003 17:30:02 -0500, WBrown at e1b.org wrote:

>  This bug also works on Firebird 0.7 on Windows.

Not completely. At least not on my Mozilla Firebird. It only works in the status bar here, and only with %00.

>  Can anyone explain how it works?

On Mozilla Firebird:

Because Firebird decodes the URL before showing it in the status bar. When the %00 is decoded, it gets converted to a NULL. One of the most common ways of telling a piece of code where a text string ends is to use NULL terminated strings, that is strings that ends at the first encountered NULL. Mozilla most probably uses such strings, ar at least Windows almost certainly does (NULL terminated strings are standard in the Windows GUI API), for it's status bar. So Windows (or whatever GUI code is used) simply thinks the string ends where the %00 came, and doesn't show the rest.

If you use a %01 instead, Firebird (at least here) shows a thick vertical bar instead (maybe Windows default "I can't print this" character?).

In Internet Explorer:

Because it was written by Microsoft? ;-)

Obviously, they do something wrong in IE. Terminating because of a NUL I can understand, though they really should consider %00 an invalid character instead. Terminating a displayed string at the first encountered unprintable is less understandable. This means that they actually check for unprintables and not only for NUL termination (this is not something that Windows does automatically), so why do an extra check for them and then treat them as terminators instead of stripping them or replacing them with ? or something? I don't know.

-- 
Jonas Eckerman, jonas_lists at frukt.org
http://www.fsdb.org/




More information about the MIMEDefang mailing list