Some browsers convert pipe "|" to colon ":" in the file scheme

I just thought this was odd, and may be exploited in cases where a security filter checks the string before the conversion takes place.

Here are the results of the DOM parsing for "file://c|/foo/bar".  Internet Explorer and Google Chrome both convert the "|" to the ":" in the path component.  Windows actually treats the "|" as a ":" in the path, which may also seem odd, but then why would these browsers feel the need to convert the character?

Test Cases




RawUrl                                           Browser
file:///c:/foo/bar                        MSIE 7.0
file:///C:/foo/bar                       Chrome/12.0.742.100
file:///c|/foo/bar                       Firefox/4.0.1
file://c|/foo/bar                         Safari/5.05
file://localhost/c|/foo/bar    Opera/9.80

I can understand being liberal in accepting "|" characters in the path segment, even though RFC3986 and 3987bis would have you percent-encode it to "%7C".  But I didn't realize that IE and Chrome would actually perform a transformation on the input in this way.
Awesome post! :)

Chrome also does this crazy stuff:

This is a legacy-compatibility feature of file URIs. IIRC, some version of Netscape did this and IE adopted it in the 1990s.

Gareth, so people can see your test case I'm putting it in text here:

a href="c|test.txt"

That does seem crazy. Eric, gotta love that legacy-compat right? You know us security types all too well, and we certainly hear alarm bells when characters start converting from one thing to another.

Whacky, wonder what caused Netscape to do this back in the 90's?