Closed Bug 1276428 Opened 8 years ago Closed 8 years ago

Google Forms precompiled URLs containing %0A or %3C are not correctly managed

Categories

(Firefox :: Untriaged, defect)

46 Branch
x86_64
Windows
defect
Not set
normal

RESOLVED INVALID

People

(Reporter: patrick.zanon, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
Build ID: 20160507231935

Steps to reproduce:

I entered into the browser the following precompiled link of the Google forms:

https://docs.google.com/forms/d/1W3m2IlO9IbVOdD2xKV2jBuOcPooHVHfHx9JLXkapug4/viewform?entry.1892547157=patrick.zanon@gmail.com&entry.1925673112=Zanon&entry.875761068=Patrick&entry.235524706=1A&entry.775447471=67-(30-26)*%7B%5B94-18%5D:2-%5B15%2B(45-26)%5D%7D%0A67-4*%7B%5B94-18%5D:2-%5B15%2B19%5D%7D%0A67-4*%7B76:2-%5B15%2B19%5D%7D%0A67-4*%7B76:2-34%7D%0A67-4*%7B38-34%7D%0A67-4*4%0A67-16%0A51+%3C!--mat(1,511,81)--%3E&entry.1902033024=51+%3C!--mat(1,64,1)--%3E&entry.532412603=69%2B(17%2B11*5):%5B(45%2B29):2-68:2%5D%0A69%2B(17%2B55):%5B74:2-68:2%5D%0A69%2B72:%5B74:2-68:2%5D%0A69%2B72:%5B37-34%5D%0A69%2B72:3%0A69%2B24%0A93+%3C!--mat(1,511,81)--%3E&entry.642230352=93+%3C!--mat(1,64,1)--%3E&entry.2040284953=%5B17-(15-3):4%5D*2-%5B(3%2B4)*4%5D%0A%5B17-12:4%5D*2-%5B7*4%5D%0A%5B17-3%5D*2-28%0A14*2-28%0A28-28%0A0+%3C!--mat(1,511,81)--%3E&entry.1101714191=0+%3C!--mat(1,64,1)--%3E

and I selected "Casa" as the first answer and then I pressed the "Continue" button


Actual results:

The form is not correctly loaded since the answers of the exercise x1 that should contain both new lines and "<" characters are not correctly displayed: here follows the wrong result

67- 30-26 *{ 94-18 :2- 15  45-26  } 67-4*{ 94-18 :2- 15 19 } 67-4*{76:2- 15 19 } 67-4*{76:2-34} 67-4*{38-34} 67-4*4 67-16 51  !-mat 1,511,81 ->


Expected results:

On the contrary, by loading the previous URL with Chromium I have the correct result, which is:

67-(30-26)*{[94-18]:2-[15+(45-26)]}
67-4*{[94-18]:2-[15+19]}
67-4*{76:2-[15+19]}
67-4*{76:2-34}
67-4*{38-34}
67-4*4
67-16
51 <!--mat(1,511,81)-->

Component: Untriaged → Private Browsing
OS: Unspecified → Linux
Hardware: Unspecified → x86_64

Nothing about the description seems to be related to the private browsing feature.

Component: Private Browsing → Untriaged
Summary: URLs containing %0A or %3C are not correctly managed → Google Forms precompiled URLs containing %0A or %3C are not correctly managed
Version: 45 Branch → 46 Branch
OS: Linux → Windows

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0
Build ID: 20160531030258

I could not reproduce the issue on Ubuntu 15.04 and Windows 10. I tested on Firefox 45, Firefox 46, Firefox 46.0.1 and latest Nightly (49.0a1). 

Could you test in Safe Mode (https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-using-safe-mode) and with a new profile (https://support.mozilla.org/en-US/kb/profile-manager-create-and-remove-firefox-profiles) to see if the issue is still reproducible?
Flags: needinfo?(patrick.zanon)

I can confirm that the problem is related to the NoScript plugin, which stops every cross-site scripting (XSS) attempt by filtering the URL that is suspected of JavaScript injection...

Thanks!
P. Zanon
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Flags: needinfo?(patrick.zanon)
Resolution: --- → INVALID
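
A triage check for the symptom in this thread, as an added example that is not part of the bug report and is not Firefox or NoScript code: it decodes the `entry.775447471` field from the reported URL the standard way and tallies which characters are missing from the text the reporter saw. The function names are hypothetical; the two strings are copied from the report.

```javascript
// One field of the query string, copied from the URL in the report.
const REPORTED_QUERY =
  "entry.775447471=67-(30-26)*%7B%5B94-18%5D:2-%5B15%2B(45-26)%5D%7D" +
  "%0A67-4*%7B%5B94-18%5D:2-%5B15%2B19%5D%7D" +
  "%0A67-4*%7B76:2-%5B15%2B19%5D%7D" +
  "%0A67-4*%7B76:2-34%7D%0A67-4*%7B38-34%7D%0A67-4*4%0A67-16" +
  "%0A51+%3C!--mat(1,511,81)--%3E";

// Text the reporter saw in the field ("Actual results" in the report).
const OBSERVED =
  "67- 30-26 *{ 94-18 :2- 15  45-26  } 67-4*{ 94-18 :2- 15 19 } " +
  "67-4*{76:2- 15 19 } 67-4*{76:2-34} 67-4*{38-34} 67-4*4 67-16 " +
  "51  !-mat 1,511,81 ->";

// application/x-www-form-urlencoded decoding: %XX -> character, "+" -> space.
function decodeField(query, name) {
  return new URLSearchParams(query).get(name);
}

// Occurrence count of every character in a string.
function countChars(text) {
  const counts = new Map();
  for (const ch of text) counts.set(ch, (counts.get(ch) || 0) + 1);
  return counts;
}

// Characters that occur more often in `expected` than in `observed`:
// the ones something between the URL and the form field dropped or rewrote.
function lostChars(expected, observed) {
  const seen = countChars(observed);
  const lost = new Map();
  for (const [ch, n] of countChars(expected)) {
    const missing = n - (seen.get(ch) || 0);
    if (missing > 0) lost.set(ch, missing);
  }
  return lost;
}

const decoded = decodeField(REPORTED_QUERY, "entry.775447471");
console.log(decoded); // the multi-line text Chromium displayed
for (const [ch, n] of lostChars(decoded, OBSERVED)) {
  console.log(JSON.stringify(ch), "missing", n, "time(s)");
}
```

When the decoded value and the displayed value differ only in markup-significant characters such as these, a URL-rewriting extension is a more likely cause than the browser's own decoder, which is what testing in Safe Mode isolates.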