BUG: Internet Explorer 6 does not correctly handle the percent character (%) in a URL in the OBJECT tag (326980)


The information in this article applies to:

  • Microsoft Visual Studio .NET (2002), Professional Edition
  • Microsoft Internet Explorer (Programming) 6 (SP1)
  • Microsoft Internet Explorer (Programming) 6.0
This article was previously published under Q326980

SYMPTOMS

When hosted in Internet Explorer, a Microsoft .NET Windows Form control may not load correctly when the URL contains a percent character (%).

CAUSE

The percent character (%) is considered unsafe because it is used for encoding of other characters. In a URL, all unsafe characters must be encoded (for example, % is encoded as %25).

For example, when you move to a page using the following URL, Internet Explorer decodes %2545 into %45 and successfully finds the HTML page:

http://webserver/%2545/iehosting.html

However, the Web server for the .NET WinForm control responds in the following manner:
  • When Internet Explorer requests the Web server for the .NET WinForm control, the following URL is used (note the %45):

    URL http://webserver/%45/ieControl.dll

  • The Web server decodes this URL in the following order:
    • %45 translates to 0x45
    • 0x45 is 69
    • %45 translates to the character E
  • As a result, the last location where the Web server looks for the control is http://webserver/E/ieControl.dll (note the E, instead of %45).

    Because Internet Explorer cannot find the control, it does not load.

STATUS

Microsoft has confirmed that this is a bug in the Microsoft products that are listed at the beginning of this article.

MORE INFORMATION

When Internet Explorer requests the Web server for ieControl.dll, it is designed to send the URL "as is", without decoding %2545 into %45. The server expects an encoded string, not one that has already been decoded.

This is a problem with the OBJECT tag and prevents managed code in the OBJECT tag from working in this situation. It basically redirects requests from one URL to another, that is, redirects this URL:

http://webserver/%45/ieControl.dll

to this URL:

http://webserver/E/ieControl.dll

Steps to Reproduce the Behavior

  1. Create a Windows Control Library project.
  2. Compile the control, and then name it ieControl.dll.
  3. Create an HTML page, and then host Windows Form control in Internet Explorer with an OBJECT tag.
    <HTML>
<BODY><BR/>
This is a WinForm control, hosted in Internet Explorer demonstration:
<OBJECT id=myControl classid="ieControl.dll#myControl" width=500  height=500>
</OBJECT>
</BODY>
</HTML>
  4. Save the HTML page as Iehosting.html.
  5. Create a directory named %45 under wwwroot of your Web server.
  6. Copy the Iehosting.html and IeControl.dll files to the directory.
  7. Start Internet Explorer, move to the page at http://webserver/%2545/iehosting.html, and then verify that the .dll does not load correctly.

REFERENCES

For more information about URL encoding, visit the following Network Working Group (Request for Comments 1738) Web site:

Uniform Resource Locators
http://www.rfc-editor.org/rfc/rfc1738.txt

Modification Type:MinorLast Reviewed:9/14/2005
Keywords:kbvs2002sp1sweep kbbug kbfix KB326980 kbAudDeveloper
©2004 Microsoft Corporation. All rights reserved.