Network tab doesn't escape HTML in JSON responses

RESOLVED WORKSFORME

Status

()

Firefox
Developer Tools: Netmonitor
P3
normal
RESOLVED WORKSFORME
3 years ago
4 months ago

People

(Reporter: Josh Tumath, Assigned: Vincent Lequertier, Mentored)

Tracking

({good-first-bug})

Trunk
x86_64
Linux
good-first-bug
Points:
---
Bug Flags:
qe-verify +

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [netmonitor-reserve])

Attachments

(1 attachment)

(Reporter)

Description

3 years ago
1. Open a page that receives a JSON response with HTML in it
2. Click on that response
3. Click on the preview tab

All of the HTML is interpreted, which can lead to some interesting results.
Thanks for the report!

Honza
Mentor: odvarko@gmail.com
Flags: qe-verify+
Keywords: good-first-bug
Priority: -- → P3
Whiteboard: [netmonitor-reserve]
(Assignee)

Comment 2

9 months ago
Hi,

Can I work on this? :-)

Vincent
Sure!

Assigned to you. I am not sure if this is still a problem (there is no test case I could try) so, it would be nice if we can get one first.

Honza
Assignee: nobody → vi.le
(Assignee)

Comment 4

9 months ago
I can reproduce the issue :

If a webserver is configured to send a Content-Type text/html for a json file, the content of the json file is interpreted as html in the preview tab. But this is the correct behavior, right ? Reporter, is that what you mean?

If a webserver sends a json response with the Content-Type application/json, then there is no preview tab and nothing is interpreted.
(Assignee)

Comment 5

9 months ago
Created attachment 8847541 [details]
A script to create a php webserver with content-type text/html for all requests

This a script to reproduce the issue:

run it with:

php -S 127.0.0.1:8080 -file test.php

then put this json in same directory as the script:

{"test":"<em>test</em"}

And point firefox to localhost:8080/test.json

test is in italic.
Thanks, the test case works for me.

Just a small typo, content of the JSON file should be (see the closing tag):

{"test":"<em>test</em>"}

Now, how do you want to fix this?

Honza
(Assignee)

Comment 7

8 months ago
I'm not sure if this is really a bug. If the content type is text/html, it seems logical to me that firefox interpret the file as html. Is this the expected behavior?
Firefox appropriately looks at the MIMEtype of the document. In your example, the PHP server returns a `text/html` header when it is not html. Because of that, FF shows a preview pane. When the proper header `text/txt` or `text/json` is returned, firefox will not show a preview. I think this is a WORKSFORME.
(Reporter)

Updated

4 months ago
Status: UNCONFIRMED → RESOLVED
Last Resolved: 4 months ago
Resolution: --- → WORKSFORME
(Assignee)

Comment 9

4 months ago
I wasn't sure. Thanks for taking a look!
You need to log in before you can comment on or make changes to this bug.