21978 2008-10-30 11:34:26 -0700 KURL should not allow "%00" in paths 2023-05-22 03:46:57 -0700 1 1 1 Unclassified WebKit Platform 528+ (Nightly build) All All RESOLVED WONTFIX P2 Normal --- 37641 1 brettw webkit-unassigned abarth annevk ap oldest_to_newest 97141 0 brettw 2008-10-30 11:34:26 -0700 IE prevents URLs with paths containing "%00" from being loaded or interpreted in any way. I assume this is to prevent possible bad things from happening at the OS layer or from poorly written servers. Firefox supports it, but you can not give much argument for supporting it if IE doesn't. In WebKit, this bug is much worse because of bug 21975. I think the unescaping should be prohibited along with not allowing %00 in path names in the first place. 1956898 1 annevk 2023-05-22 03:46:57 -0700 Forbidding %00 would go against the standard.