Launchpad itself

  1. Bug #973212
  2. Activity log

Activity log for bug #973212

Date Who What changed Old value New value Message
2012-04-04 09:24:24 Andy Whitcroft bug added bug
2012-04-04 18:37:39 Robert Collins launchpad: status New Triaged
2012-04-04 18:37:43 Robert Collins launchpad: importance Undecided High
2012-04-04 18:38:27 Robert Collins summary package version page version links are relative and contain a : which is parsed as a protocol specifier in chromium package version page version links are not escaped correctly
2012-04-04 18:39:35 Robert Collins description For an Ubuntu package there is a current versions page which shows each version in each pocket, for example: https://launchpad.net/ubuntu/+source/pulseaudio In this page the version specific links, those to the right of the 'expander' arrow, are relative links to the version specific sub-page, in this example something like: <a href="1:1.1-0ubuntu14"> <img src="/@@/package-source" /> 1:1.1-0ubuntu14 </a> Where this version has an epoch, as pulseaudio does, this is formatted with a raw colon. This is ambigiously either a relative URL or a url using the protocol '1'. (This is displayed correctly in firefox but not in chromium.) Looking at the URI spec (http://www.ietf.org/rfc/rfc2396.txt) there seems to be nothing to prevent chromiums interpretation of the link being valid as for an unknown scheme we cannot rely on anything other than the colon: The URI syntax is dependent upon the scheme. In general, absolute URI are written as follows: <scheme>:<scheme-specific-part> It therefore seems appropriate we either confirm this as a relative URL with a "./" prefix, or probabally more correctly encode the ":" as a % escape (I think %3A). For an Ubuntu package there is a current versions page which shows each version in each pocket, for example:     https://launchpad.net/ubuntu/+source/pulseaudio In this page the version specific links, those to the right of the 'expander' arrow, are relative links to the version specific sub-page, in this example something like:           <a href="1:1.1-0ubuntu14">             <img src="/@@/package-source" />             1:1.1-0ubuntu14           </a> Where this version has an epoch, as pulseaudio does, this is formatted with a raw colon. This is ambigiously either a relative URL or a url using the protocol '1'. (This is displayed correctly in firefox but not in chromium.) Looking at the URI spec (http://www.ietf.org/rfc/rfc2396.txt) there seems to be nothing to prevent chromiums interpretation of the link being valid as for an unknown scheme we cannot rely on anything other than the colon:    The URI syntax is dependent upon the scheme. In general, absolute    URI are written as follows:       <scheme>:<scheme-specific-part> It therefore seems appropriate we either confirm this as a relative URL with a "./" prefix, or probabally more correctly encode the ":" as a % escape (I think %3A). Analysis ======== We should escape the first segment correctly, or use the ./ hack Andy suggests. Whomever looks at the code to see how we are generating the links can decide what makes the most sense.
2013-09-30 10:33:39 Manfred Hampl bug added subscriber Manfred Hampl
2014-05-20 05:23:08 Logan Rosen bug added subscriber Logan Rosen
2016-10-02 05:44:15 William Grant marked as duplicate 1629058