Closed
Bug 99467
Opened 23 years ago
Closed 21 years ago
[quirks]options of <a>-tag inside textarea are stripped (compare to source)
Categories
(Core :: DOM: HTML Parser, defect, P3)
Tracking
()
RESOLVED
FIXED
mozilla1.4alpha
People
(Reporter: lucifer, Assigned: harishd)
References
()
Details
(Keywords: compat, dataloss, testcase)
Attachments
(2 files, 2 obsolete files)
380 bytes,
text/html
|
Details | |
10.09 KB,
patch
|
harishd
:
review+
harishd
:
superreview+
asa
:
approval1.4+
|
Details | Diff | Splinter Review |
From Bugzilla Helper: User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:0.9.3) Gecko/20010801 BuildID: 2001080110 The <a>-tag inside the <textarea> shouldn't be modified by Mozilla. In mozilla, it shows "<a> ... </a>" when viewing the form, but when viewing the HTML source, the <a>-tag in fact has a "name" and "target" parameter. Reproducible: Always Steps to Reproduce: 1. surf to the page :) 2. scroll down in the textarea 3. compare to source Actual Results: mozilla messed up the <a>-tag. Expected Results: leave the text between <textarea> and </textarea> alone. the bug doesn't seem to occur when one just creates a simple form with a textarea and an <a>-tag inside it.
Comment 1•23 years ago
|
||
You _do_ know that you should escape "<" as "<" to prevent just this from happening, right? Over to parser; at a guess that's where the issue is.... Seeing this on linux build 2001-09-07-12 as well.
Assignee: rods → harishd
Status: UNCONFIRMED → NEW
Component: HTML Form Controls → Parser
Ever confirmed: true
OS: Windows 98 → All
QA Contact: madhur → bsharma
Comment 2•23 years ago
|
||
Comment 3•23 years ago
|
||
The problem is that <a> tag gets parsed before the javascript creates the <textarea tag. I'm not sure what should happen. Note: Teplacing the < with a < causes the textarea tag to show up as text - the javascript gets the text verbatim, it is the HTML parser that expands the entities. I think that this is correct.
Keywords: testcase
Comment 4•23 years ago
|
||
David, I meant escaping the "<" in "<a" as "<". With that change the dynamic textarea write works too.
Reporter | ||
Comment 5•23 years ago
|
||
well IMHO the tag should either be converted into a link or left alone, not changed into <a>. IE4 and NN4.7 show the full <a href=...> tag in the textarea. ofcourse, escaping < and > is best :) i couldn't find on www.w3c.org if tags inside a textarea are allowed or not in the first place..
Comment 6•23 years ago
|
||
> i couldn't find on www.w3c.org if tags inside a textarea are allowed or not in
> the first place
They are not. If the <textarea> is just a tag in the html, we render it as NS4
and IE do. It's only with dynamically written textareas, as David pointed out,
that the parser gets confused.
Comment 7•23 years ago
|
||
Seems like the < should be escaped...marking quirks.
Summary: options of <a>-tag inside textarea are stripped (compare to source) → [quirks]options of <a>-tag inside textarea are stripped (compare to source)
Status: NEW → ASSIGNED
Priority: -- → P3
Target Milestone: --- → mozilla0.9.7
Not a critical issue. Moving to 0.9.9
Target Milestone: mozilla0.9.7 → mozilla0.9.9
Mass moving bugs to 1.1
Target Milestone: mozilla1.0 → mozilla1.1
Comment 10•22 years ago
|
||
*** Bug 133518 has been marked as a duplicate of this bug. ***
Comment 11•22 years ago
|
||
I was wrong. Bug 133518 has a testcase with a static textarea that shows this problem.
Comment 12•22 years ago
|
||
*** Bug 156432 has been marked as a duplicate of this bug. ***
[was 1.1alpha]
Target Milestone: mozilla1.1alpha → Future
Comment 14•22 years ago
|
||
blogger.com is a fairly major site that is affected by this bug (see bug 156432). I'd like to suggest that this be reconsidered. Nominating for next Netscape release.
Keywords: nsbeta1
Comment 15•22 years ago
|
||
I think this needs to be fixed for 1.1. This bug makes blogger unusable. Actually it's even worse than that, since it mangles your blogger template, which results in data loss. I have spent hours recovering my blogger templates because of this bug.
Updated•22 years ago
|
Comment 16•22 years ago
|
||
For static textareas, Phil Ringnalda has worked out that it is unescaped |</noscript>|s inside textareas which are causing the bug. (See bug 157800 comment 10)
Comment 17•22 years ago
|
||
By the definitions on <http://bugzilla.mozilla.org/bug_status.html#severity> and <http://bugzilla.mozilla.org/enter_bug.cgi?format=guided>, crashing and dataloss bugs are of critical or possibly higher severity. Only changing open bugs to minimize unnecessary spam. Keywords to trigger this would be crash, topcrash, topcrash+, zt4newcrash, dataloss.
Severity: normal → critical
Comment 18•22 years ago
|
||
*** Bug 192968 has been marked as a duplicate of this bug. ***
Comment 19•22 years ago
|
||
*** Bug 195272 has been marked as a duplicate of this bug. ***
Assignee | ||
Comment 20•21 years ago
|
||
Did a little bit of investigation ( in fact have a "fix" in hand for this bug ) and found out that the duplicate bugs aren't exactly the same bug. The duplicate bugs are caused by </noscript> inside textarea while this bug is caused by document.written <textarea>.
Assignee | ||
Comment 21•21 years ago
|
||
Making sure to stop preserving content once the target tag's ( that initiated the content preserving ) matching end tag is encountered. Also, passing this information to tokenizers that are on the stack. This should fix this bug and its duplicates. Note: I haven't run the parser regression test or walked through the top 100 sites yet.
Assignee | ||
Comment 22•21 years ago
|
||
This patch in addition to fixing this bug and its duplicates also fixes a completely document.written textarea. That is, it fixes samples like: <script language="JavaScript"> document.write('<textarea rows="1", cols="80">') document.write('<font style="green"> Mozilla </font>'); document.write('</textarea>'); </script> Note: Patch v1.0 and v1.1 passed parser regression test.
Attachment #123926 -
Attachment is obsolete: true
Attachment #123987 -
Flags: superreview?(jst)
Attachment #123987 -
Flags: review?(heikki)
Comment on attachment 123987 [details] [diff] [review] Patch v1.1 >Index: htmlparser/public/nsITokenizer.h >=================================================================== >Index: htmlparser/src/CParserContext.cpp >=================================================================== >+ // Propagate tokenizer state so that information is presereved Typo, should be |preserved|. >Index: htmlparser/src/nsExpatDriver.cpp >=================================================================== >Index: htmlparser/src/nsHTMLTokenizer.cpp >=================================================================== >+ nsHTMLTokenizer* rhsTokenizer = NS_STATIC_CAST(nsHTMLTokenizer*, aTokenizer); >+ mPreserveTarget = rhsTokenizer->mPreserveTarget; You could get rid of the temporary. >Index: htmlparser/src/nsHTMLTokenizer.h >=================================================================== >+ PRInt32 mFlags; Make it unsigned. >Index: htmlparser/src/nsParser.cpp >=================================================================== >+ mParserContext= oldContext->mPrevContext; Add space before =. Basically just syntax review so far. I'll talk to you in person figure out why this really fixes things. Should also run visual check on top100 and do page load tests.
Comment 24•21 years ago
|
||
Comment on attachment 123987 [details] [diff] [review] Patch v1.1 What heikki said, and: - In nsITokenizer.h: + NS_IMETHOD CopyStates(nsITokenizer* aTokenizer) = 0; Don't you want to call this CopyState() and not CopyStates()? Singular sounds more natural here. sr=jst
Attachment #123987 -
Flags: superreview?(jst) → superreview+
Comment on attachment 123987 [details] [diff] [review] Patch v1.1 r=heikki after talking this through with harishd. Land this on trunk first, and if everything goes well and we don't see regressions in a few days seek permissions to land it on the 1.4 branch.
Attachment #123987 -
Flags: review?(heikki) → review+
Assignee | ||
Comment 26•21 years ago
|
||
Note: Walked through top 50 sites and they looked ok.
Attachment #123987 -
Attachment is obsolete: true
Assignee | ||
Comment 27•21 years ago
|
||
Comment on attachment 124366 [details] [diff] [review] Patch v1.2 [ addresses heikki's and jst's concerns ] Carrying forward r/sr=.
Attachment #124366 -
Flags: superreview+
Attachment #124366 -
Flags: review+
Assignee | ||
Comment 28•21 years ago
|
||
Fix landed.
Status: ASSIGNED → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
Attachment #124366 -
Flags: approval1.4?
Comment 29•21 years ago
|
||
Comment on attachment 124366 [details] [diff] [review] Patch v1.2 [ addresses heikki's and jst's concerns ] a=asa (on behalf of drivers) for checkin to the 1.4 branch.
Attachment #124366 -
Flags: approval1.4? → approval1.4+
You need to log in
before you can comment on or make changes to this bug.
Description
•