> On Thursday 27 December 2001 04:36 am, JTK wrote: > >>>Huh? >>>The problem are not invalid URLs, they are valid URLs; >>> >>Nonono, they're invalid - they contain linefeeds etc which are >>specifically forbidden by whatever the official URL spec is. This was >>all gone over in excruciating detail and I'm sure all the sad details >>are Googleable. >> > > No, the URL contains no linefeeds: > http://foo:79/ > > That's it. It wasn't even a POST, but even it were, there wouldn't be > any linefeeds in that URL either. >
Right, but a *malicious* one would have to. By parsing the URL properly, a malformed URL (which yours is *not*) would be rejected, and properly-formed URLS (which yours *is*) would work fine, regardless of the port. But instead Mozilla's "solution" is to just block all access to particular ports, regardless of whether the URL is valid or not. Now this is admittedly far down the list of Mozilla's defects (as far as number of people affected; I'm sure to you and a relatively small %tage of others this could be a major PITA), but it just goes to show you the overall lack of design forthought pervasive to the project.
