NULLs in entities in Firefox

Monday, 5 December 2011
HTML5 decided to introduce a load of new entities, I dunno why maybe they thought it wasn’t hard enough to protect against the original ones we had already. Anyway Firefox has a bug or “feature” that allows NULLS inside the entities. I tweeted it but if I don’t post it here it will probably be lost in a sea of tweets. You can place NULLs before the “&” or before the “;” which allows you to construct a pretty weird entity.

javascript&0x00colon;
javascript&colon0x00;

These obviously work inside a anchor href and I think in addition FF requires the HTML5 doctype.