Closed
Bug 1282407
Opened 9 years ago
Closed 9 years ago
revokeObjectURL breaks blob download with download attribute
Categories
(Core :: DOM: Core & HTML, defect)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
FIXED
mozilla50
| Tracking | Status | |
|---|---|---|
| firefox50 | --- | fixed |
People
(Reporter: PatrickWesterhoff, Assigned: baku)
References
Details
Attachments
(2 files, 3 obsolete files)
|
10.81 KB,
patch
|
smaug
:
review+
|
Details | Diff | Splinter Review |
|
3.01 KB,
patch
|
smaug
:
review+
|
Details | Diff | Splinter Review |
When using URL.revokeObjectURL directly after triggering a blob download via click() on a link element, then the download does not appear. Removing the revokeObjectURL will make it work.
See this example:
(function () {
let blob = new Blob(['test'], { type: 'text/plain' });
let url = URL.createObjectURL(blob);
let link = document.createElement('a');
link.href = url;
link.download = 'example.txt';
document.body.appendChild(link);
link.click();
//URL.revokeObjectURL(url);
})();
If you uncomment the revokeObjectURL line, then the example stops triggering a download.
It does when when you delay the execution of it using a zero-timeout, it does not work however when using an instantly fulfilled promise.
|
||
Comment 1•9 years ago
|
||
Hmm, yeah, internally we should keep object url working a bit longer, but not let new use of it to succeed after revokeObjectURL.
Flags: needinfo?(amarchesini)
|
Assignee | |
Comment 2•9 years ago
|
||
I don't think this is a good idea: this behavior would be detectable and it's not covered by the spec.
Flags: needinfo?(amarchesini)
|
|
||
Comment 4•9 years ago
|
||
I'm pretty sure we're just having a bug here because we do some operation async during download and the spec doesn't have such async task. So we should keep the object url internally alive longer.
Looking at the spec...
"When an a or area element's activation behaviour is invoked, the user agent may allow the user to indicate a preference regarding whether the hyperlink is to be used for navigation or whether the resource it specifies is to be downloaded."
So, in this case downloaded, then Gecko artificially prevents that download because we try to use the object url asynchronously after 'activation behavior'.
Status: UNCONFIRMED → NEW
Ever confirmed: true
|
||
Comment 5•9 years ago
|
||
The way the standards are intended to be written, parsing URLs happens synchronously, always, and that results in the resulting URL record getting a copy of the object in the blob store. At that point revocation doesn't matter, since <a> holds a copy in its associated URL record.
Flags: needinfo?(annevk)
|
|
||
Comment 7•9 years ago
|
||
Hmm, I wonder how we should implement this.
Depends on where this fails. My guess is that this fails somewhere under InternalLoad or InternalLoadEvent in docshell, and there we pass nsIURI object. Could nsIURI implementation enforce object URL to be internally alive, but it would be revoked from JS point of view.
Flags: needinfo?(bugs)
|
|
||
Comment 8•9 years ago
|
||
Looks like this has been reported to stackoverflow last year.
http://stackoverflow.com/questions/28178553/firefox-is-not-working-proper-with-url-revokeobjecturl
|
|
Assignee | |
Comment 9•9 years ago
|
||
Assignee: nobody → amarchesini
Attachment #8770959 -
Flags: review?(bugs)
|
|
Assignee | |
Comment 10•9 years ago
|
||
Comment on attachment 8770959 [details] [diff] [review]
revoke_blobURL.patch
It doesn't work in e10s.
Attachment #8770959 -
Flags: review?(bugs)
|
|
Assignee | |
Comment 11•9 years ago
|
||
Attachment #8770959 -
Attachment is obsolete: true
Attachment #8770981 -
Flags: review?(bugs)
|
|
||
Comment 12•9 years ago
|
||
Comment on attachment 8770981 [details] [diff] [review]
revoke_blobURL.patch
>+ nsCOMPtr<nsISupports> tmp;
>+ MOZ_ALWAYS_SUCCEEDS(uriBlobImpl->GetBlobImpl(getter_AddRefs(tmp)));
>+ RefPtr<BlobImpl> blobImpl = static_cast<BlobImpl*>(tmp.get());
Why static_cast here...
> DataInfo* info = GetDataInfo(spec);
>
>- if (!info) {
>- return NS_ERROR_DOM_BAD_URI;
>- }
>-
>- nsCOMPtr<BlobImpl> blob = do_QueryInterface(info->mObject);
When you actually can QI. So, I think I'd prefer QI when it is possible. A bit safer in general.
Please explain the changes to Read and Write.
And BlobImpl isn't nsISerializable, so whote does NS_WriteOptionalCompoundObject even work?
It isn't clear to me why we even support serialization of bloburls. sicking or bz might know.
We must have a test for this.
Attachment #8770981 -
Flags: review?(bugs) → review-
|
|
Assignee | |
Comment 13•9 years ago
|
||
Attachment #8770981 -
Attachment is obsolete: true
Attachment #8771250 -
Flags: review?(bugs)
|
|
||
Comment 14•9 years ago
|
||
Comment on attachment 8771250 [details] [diff] [review]
revoke_blobURL.patch
We need that testcase ;)
Separate patch for that is fine.
Attachment #8771250 -
Flags: review?(bugs) → review+
|
|
Assignee | |
Comment 15•9 years ago
|
||
> We need that testcase ;)
> Separate patch for that is fine.
I don't know how to write a test that detect a download.
Flags: needinfo?(bugs)
|
||
Comment 17•9 years ago
|
||
Pushed by amarchesini@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/a1b20019c22d
Implement nsIURIWithBlobImpl to support blobURL after revoking them, r=smaug
|
|
Assignee | |
Comment 18•9 years ago
|
||
Attachment #8771962 -
Flags: review?(bugs)
|
|
||
Comment 19•9 years ago
|
||
Comment on attachment 8771962 [details] [diff] [review]
revoke_test.patch
You never remove the listener you add to Services.wm. Doesn't this end up breaking other tests which run after this one?
Attachment #8771962 -
Flags: review?(bugs) → review-
|
|
Assignee | |
Comment 20•9 years ago
|
||
Attachment #8771962 -
Attachment is obsolete: true
Attachment #8771970 -
Flags: review?(bugs)
|
|
||
Comment 21•9 years ago
|
||
Comment on attachment 8771970 [details] [diff] [review]
revoke_test.patch
Not sure why you need download_after_revoke_page.html. Couldn't you use random data: url or even about:blank. But either way.
Attachment #8771970 -
Flags: review?(bugs) → review+
|
||
Comment 22•9 years ago
|
||
| bugherder | ||
Status: NEW → RESOLVED
Closed: 9 years ago
status-firefox50:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla50
|
|
||
Comment 23•9 years ago
|
||
Pushed by amarchesini@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/45312f91ab91
Test for nsIURIWithBlobImpl, r=smaug
|
|
||
Comment 24•9 years ago
|
||
| bugherder | ||
|
||
Comment 25•8 years ago
|
||
The commit from this bug seems to have regressed releasing blobs from memory via revokeObjectURL(). Marked that down as https://bugzilla.mozilla.org/show_bug.cgi?id=1307791.
|
|
||
Comment 26•8 years ago
|
||
Does the spec currently say that the test case (with the revokeObjectURL() uncommented) should work?
In the code patterns we have worked with create/revokeObjectURL(), the understanding has been that only after the onload event fires, it is safe to revokeObjectURL(). To me it feels that the code pattern from the test case should not work?
|
|
||
Comment 27•8 years ago
|
||
Yes, per spec it should work. See comments 4 and 5.
|
||
Updated•8 years ago
|
Depends on: CVE-2017-5415
|
||
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•