Jeremy wrote:
On Sat, Oct 23, 2010 at 09:19:45PM +0000, corvid wrote:
Jeremy wrote:
On Sat, Oct 23, 2010 at 08:02:04PM +0000, corvid wrote:
Jeremy wrote:
http://makespace.org/ has some NULL characters in its header, which causes it to disappear in Dillo. Firefox and links have no problems. What's the fix?
It seems to be showing up fine for me.
So it is! It's my local patches that are trying to parse quoted attributes like Firefox that are doing it.
I have yet to look at it in detail, but I think the problem is that strcspn() assumes that there are no NULLs in its argument apart from the terminating NULL so it may give the wrong result when there are embedded NULLs. The current logic assumes that the return value will be the index of one of the terminating characters or the index of the terminating NULL. But here it might be the index of an embedded NULL which is a case that the current code does not handle. I *suspect* that Dillo does the right thing more by accident than design.
I think the SGML declaration in section 20.1 of the 4.01 spec means that NULLs are not legal.
So we have a choice: do we treat embedded NULLs as undefined behaviour? If we decide "No, Dillo must handle embedded NULLs in the 'right' way" then we have to rewrite Html_write_raw() (and possibly a_Html_parse_entities() and Html_get_javascript_link() too) to not use strcspn(). Ouch! This seems to be a pretty rare case so maybe it is not worth the effort?
I personally lean toward not handling it if it's illegal, in particular because it's so rarely encountered that I imagine we'll forget about it at some point and accidentally make it stop working.

PS Speaking of embedded NULLs, we still need to make HTTPS queries with embedded NULLs work properly at some point. (Submit a form with a file input.) a_Dpip_build_cmd() is not built to handle that case.
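The strcspn() case discussed in this thread, as an added example that is not Dillo code: it shows strcspn() stopping at an embedded NUL instead of a delimiter, next to a length-bounded scan that treats the NUL as ordinary data. The names `buf_cspn`, `strcspn_stop` and `SAMPLE` are hypothetical, and the sample buffer is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: an embedded NUL at index 5, the first real
 * delimiter '<' at index 11. SAMPLE_LEN excludes the final NUL. */
static const char SAMPLE[] = "Title\0" " text<b>";
#define SAMPLE_LEN (sizeof(SAMPLE) - 1)

enum stop_kind { STOP_DELIM, STOP_END, STOP_EMBEDDED_NUL };

/* Hypothetical helper: strcspn() bounded by an explicit length, so a NUL
 * byte is data rather than a terminator. Returns the index of the first
 * byte that is in `reject`, or `len` if there is none. */
size_t buf_cspn(const char *buf, size_t len, const char *reject)
{
    unsigned char in_set[256] = {0};
    size_t i;

    for (; *reject != '\0'; reject++)
        in_set[(unsigned char)*reject] = 1;
    for (i = 0; i < len && !in_set[(unsigned char)buf[i]]; i++)
        ;
    return i;
}

/* Hypothetical helper: run plain strcspn() and report which of the three
 * cases it hit. A caller that only expects "delimiter" or "end of data"
 * mishandles the third. Requires buf[len] == '\0'. */
enum stop_kind strcspn_stop(const char *buf, size_t len,
                            const char *reject, size_t *idx)
{
    *idx = strcspn(buf, reject);
    if (*idx >= len)
        return STOP_END;
    return buf[*idx] == '\0' ? STOP_EMBEDDED_NUL : STOP_DELIM;
}

int main(void)
{
    size_t idx;
    enum stop_kind kind = strcspn_stop(SAMPLE, SAMPLE_LEN, "<&", &idx);

    printf("strcspn stopped at %zu (kind %d), bounded scan at %zu of %zu\n",
           idx, (int)kind, buf_cspn(SAMPLE, SAMPLE_LEN, "<&"),
           (size_t)SAMPLE_LEN);
    return 0;
}
```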