open http://output.jsbin.com/hubihutige, click the submit button. the url in location bar should be http://output.jsbin.com/hubihutige?name=%00

Comment on attachment 8752231 [details] [diff] [review] escape.patch >-nsFSURLEncoded::URLEncode(const nsAString& aStr, nsCString& aEncoded) >+nsFSURLEncoded::URLEncode(const nsAString& aStr, nsACString& aEncoded) > { > // convert to CRLF breaks >+ int32_t convertedBufLength = 0; > char16_t* convertedBuf = >- nsLinebreakConverter::ConvertUnicharLineBreaks(PromiseFlatString(aStr).get(), >+ nsLinebreakConverter::ConvertUnicharLineBreaks(aStr.BeginReading(), > nsLinebreakConverter::eLinebreakAny, >- nsLinebreakConverter::eLinebreakNet); >+ nsLinebreakConverter::eLinebreakNet, >+ aStr.Length(), >+ &convertedBufLength); > NS_ENSURE_TRUE(convertedBuf, NS_ERROR_OUT_OF_MEMORY); > >+ nsAutoString convertedString; >+ convertedString.Adopt(convertedBuf, convertedBufLength); Could the string be just nsString, given that you don't use the internal buffer for anything. I wonder if we could get rid of nsEscape and just always use nsEscapeWithLength, and then pass ns(C)String around, and not raw char pointers. But not about this bug.