NULLs in entities in Firefox
Published: Mon, 05 Dec 2011 13:00:24 GMT
Updated: Sat, 22 Mar 2025 15:38:18 GMT
HTML5 decided to introduce a load of new entities, I dunno why maybe they thought it wasn't hard enough to protect against the original ones we had already. Anyway Firefox has a bug or "feature" that allows NULLS inside the entities. I tweeted it but if I don't post it here it will probably be lost in a sea of tweets. You can place NULLs before the "&" or before the ";" which allows you to construct a pretty weird entity.
javascript&0x00colon;
javascript&colon0x00;
These obviously work inside a anchor href and I think in addition FF requires the HTML5 doctype.