Closed
Bug 1066001
Opened 10 years ago
Closed 7 years ago
Network tab doesn't escape HTML in JSON responses
Categories
(DevTools :: Netmonitor, defect, P3)
Tracking
(Not tracked)
RESOLVED
WORKSFORME
People
(Reporter: josh.tumath+bugzilla, Assigned: vincent, Mentored)
Details
(Keywords: good-first-bug, Whiteboard: [netmonitor-reserve])
Attachments
(1 file)
1. Open a page that receives a JSON response with HTML in it 2. Click on that response 3. Click on the preview tab All of the HTML is interpreted, which can lead to some interesting results.
|
||
Comment 1•7 years ago
|
||
Thanks for the report! Honza
Mentor: odvarko
Flags: qe-verify+
Keywords: good-first-bug
Priority: -- → P3
Whiteboard: [netmonitor-reserve]
|
Assignee | |
Comment 2•7 years ago
|
||
Hi, Can I work on this? :-) Vincent
|
|
||
Comment 3•7 years ago
|
||
Sure! Assigned to you. I am not sure if this is still a problem (there is no test case I could try) so, it would be nice if we can get one first. Honza
Assignee: nobody → vi.le
|
|
Assignee | |
Comment 4•7 years ago
|
||
I can reproduce the issue : If a webserver is configured to send a Content-Type text/html for a json file, the content of the json file is interpreted as html in the preview tab. But this is the correct behavior, right ? Reporter, is that what you mean? If a webserver sends a json response with the Content-Type application/json, then there is no preview tab and nothing is interpreted.
|
|
Assignee | |
Comment 5•7 years ago
|
||
This a script to reproduce the issue:
run it with:
php -S 127.0.0.1:8080 -file test.php
then put this json in same directory as the script:
{"test":"<em>test</em"}
And point firefox to localhost:8080/test.json
test is in italic.|
|
||
Comment 6•7 years ago
|
||
Thanks, the test case works for me.
Just a small typo, content of the JSON file should be (see the closing tag):
{"test":"<em>test</em>"}
Now, how do you want to fix this?
Honza|
|
Assignee | |
Comment 7•7 years ago
|
||
I'm not sure if this is really a bug. If the content type is text/html, it seems logical to me that firefox interpret the file as html. Is this the expected behavior?
|
||
Comment 8•7 years ago
|
||
Firefox appropriately looks at the MIMEtype of the document. In your example, the PHP server returns a `text/html` header when it is not html. Because of that, FF shows a preview pane. When the proper header `text/txt` or `text/json` is returned, firefox will not show a preview. I think this is a WORKSFORME.
|
Reporter | |
Updated•7 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → WORKSFORME
|
|
Assignee | |
Comment 9•7 years ago
|
||
I wasn't sure. Thanks for taking a look!
|
||
Updated•6 years ago
|
Product: Firefox → DevTools
You need to log in
before you can comment on or make changes to this bug.
Description
•