«
»

Internet Explorer and JavaScript copyright problem

IE, JavaScript and copyright

IE, JavaScript and copyright

After publishing recent update for User Role Editor plugin (version 3.3.) I got a couple of messages about WordPress crash after updating of plugin. That was very strange as for about 2,000 downloads for that moment we have only 2 installations with such problem.

The reason was simple. Did you guess already?
Yes, that was the former and noisy for almost every web developer browsers compatibility issue. There are no any problem with FireFox and Google Chrome. The only Internet Explorer (I tested versions from 6.0 to 8.0) automatically replaces ‘&copy’ part in the ‘&copy_from_user_role’ URL parameter name inside JavaScript code to the copyright © sign. That’s invalid role name inserted into WordPress database and the whole user roles and capabilities list crashes as a result. To isolate this problem I should use other name for this URL parameter – user_role_copy_from.
Wow!!! It started work as expected. Thank you, darling Microsoft. Is this so difficult to realize, that reserved HTML symbol © SHOULD be ended by ‘;’ semicolon symbol only in order to become the copyright © symbol. What the brilliant idea make replacement for reserved HTML symbol inside JavaScript string constant, which is part of calculated expression!

Look at the example of problematic code below:

1
2
3

el = document.getElementById('copy_user_role_from');
url = url +'&copy_user_role_from='+ el.value;
document.location.href = url;

Pay attention on the line #2. The source of problem was there at ‘&copy_’ characters.

Valid URL, as it is under Google Chrome and FireFox looks like:
http://www.test.my/test.php?action=update©_user_role_from=1

Under Internet Explorer we have:

IE copyright sign from javascript in URL

IE copyright sign from javascript in URL

As the browsers war is not ended and soldiers from that war is still here, every web developer should remember – start JavaScript variable name from HTML reserved word could be dangerous, as such variable name inside URL parameters linked with ‘&’ symbols could be interpreted by Internet Explorer as special symbol from HTML standard, e.g.  , ©, <, etc…, which could lead to unpredictable result in case of auto-replacement. This is the other reason to realize strong server-side checking of what value you got with parameter from the client.

Thanks to Michael Wiekenberg for the help with isolating this issue.

Did you meet with similar unexpected behavior of so popular browser?

Tags: ,

This entry was posted on Saturday, December 31st, 2011 at 07:01 and is filed under General. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.