[lug] Netscape6/Mozilla

Riggs, Rob RRiggs at doubleclick.net
Wed Nov 14 09:19:10 MST 2001


You are preaching to the wrong person, my friend. I can't just go fix CNN's
or SalomonSmithBarney's web sites. I cannot access sites, not because I am
non-compliant, but because the sites are. We are dealing with this issue
because the major browsers all treat protocol prefixed relative URLs the
same way. That makes it a de facto standard.

What's even more dangerous than redirecting data to a different protocol is
rewriting a portion of a local URL to a FQDN (/cgi-bin becomes
//www.cgi-bin.com). How many credit card numbers do you suppose have been
posted to www.cgi-bin.com because of this misfeature? So this is obviously
not a safety issue for Mozilla.



-----Original Message-----
From: rm at fabula.de [mailto:rm at fabula.de]
Sent: Wednesday, November 14, 2001 9:10 AM
To: lug at lug.boulder.co.us
Subject: Re: [lug] Netscape6/Mozilla


On Wed, Nov 14, 2001 at 08:41:16AM -0700, Riggs, Rob wrote:
> I've come upon a *very* annoying defect in Mozilla/Netscape6 -- relative
> URLs that specify the protocol (e.g. https:/cgi-bin/foo) are treated as
> absolute URLs, and the first part of the path expanded with www. and .com.
> (Imagine all of the traffic posted to www.cgi-bin.com.) Now, according to
> the spec this is not legal, but it is convention. 

Maybe, but an awfully bad (and dangerous) one. This assumption (wrongly)
implies that one can change protocol without changing the BASE URL.
'http:/something' isn't necessarily the same as 'https:/something' --
as a matter of fact they most often don't. Or, to emphasize the problem:
what happens if you go from 'http:/blub' to 'ftp:/blub' ?

> Netscape4 and IE both
> treat them as relative URLs and many web sites use them. I'm affected almost
> daily by this deficiency. The sad part is that this is one of Mozilla's most
> frequent bug reports, yet they still mark it as WONTFIX.

The fact that many err doesn't make the error go away ... The semantics
of URLs/URIs are complicated enough and will definitely never work
in between different protocols (http -> LDAP ???).
I'd say: stick with the standard even so it hurts. Isn't conformance
to the standards one of the main selling points for Linux ?


> Because of this bug, I do have Netscape4 and Mozilla (AKA Netscape6)
> installed on my box. 
> [...]

> -Rob
> 

   Ralf

_______________________________________________
Web Page:  http://lug.boulder.co.us
Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
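
An audit pass for the markup discussed in this thread, as an added example that is not part of the original messages: it flags scheme-prefixed references that lack "//" and compares how the WHATWG URL parser (the global URL class in Node.js, an assumption; not the 2001 browsers) resolves them with the same-host target the page author presumably meant. The page URL, the HTML and all function names are constructed for illustration.

```javascript
// Constructed sample page, served over http, with the markup the thread describes.
const PAGE_URL = "http://shop.example/catalog/index.html";
const SAMPLE_HTML = `
<a href="item.html">item</a>
<form action="https:/cgi-bin/order" method="post"></form>
<a href="http:/help/faq.html">faq</a>
<img src="https://static.example/logo.png">
<a href="mailto:owner@shop.example">mail</a>`;

// A scheme followed by something other than "//": http:/x, https:x, ftp:/x ...
const SCHEME_NO_AUTHORITY = /^(https?|ftp):(?!\/\/)/i;

// Pull href/src/action values out of quoted attributes.
// Enough for an audit pass; this is not a full HTML parser.
function extractRefs(html) {
  const refs = [];
  const re = /\b(href|src|action)\s*=\s*(["'])(.*?)\2/gi;
  for (const m of html.matchAll(re)) {
    refs.push({ attr: m[1].toLowerCase(), value: m[3] });
  }
  return refs;
}

// Assumed author intent: resolve the part after the scheme against the page,
// then switch only the scheme, keeping the page's own host.
function intendedTarget(ref, pageUrl) {
  const [, scheme, rest] = ref.match(/^([a-z]+):(.*)$/i);
  const u = new URL(rest, pageUrl);
  u.protocol = scheme + ":";
  return u;
}

// Report every scheme-prefixed reference and whether the parser sends it elsewhere.
function auditPage(html, pageUrl) {
  const findings = [];
  for (const { attr, value } of extractRefs(html)) {
    if (!SCHEME_NO_AUTHORITY.test(value)) continue;
    const actual = new URL(value, pageUrl); // what the parser really produces
    const intended = intendedTarget(value, pageUrl);
    findings.push({
      attr, value,
      resolved: actual.href,
      intended: intended.href,
      hostChanged: actual.host !== intended.host,
    });
  }
  return findings;
}

console.log(auditPage(SAMPLE_HTML, PAGE_URL));
```

When the scheme matches the page's, the reference resolves as relative; when it differs, the first path segment is parsed as the host, which is the case to fix in the markup by writing the full https://host/path form.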


