Closed Bug 135289 Opened 23 years ago Closed 23 years ago

Meta http-equiv tags w.r.t. cache control and forms not working properly

Categories

(Core :: DOM: Navigation, defect)

defect
Not set
normal

Tracking

()

VERIFIED FIXED
mozilla1.0.1

People

(Reporter: tever, Assigned: radha)

Details

(Whiteboard: [adt3 RTM])

Attachments

(2 files)

Overview Description:  After submitting a form which uses <META
HTTP-EQUIV="Cache-control" CONTENT="no-store"> to control caching, and then
hitting the back button, text boxes should be wiped clean.  This works properly
if the Cache-control is sent via http headers directly.

Steps to Reproduce:
1.)  run the attached script
2.)  fill in the text and password box
3.)  click submit
4.)  click on back button

Actual Results:  the text box is pre-filled with what was previously entered

Expected Results:  it should be wiped clean

Build Date & Platform Bug Found:  2002032720 all platforms

Additional Information:  attaching the script, I have this set up on an internal
site but I can't supply the link here, sorry.
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla1.0.1
Bug 134029 may be related.
Darin, If I remember right, HTML <Meta HTTP-equiv ... > tags don't work right? 
Is that a bug or is it not supported intentionally.
meta http-equiv tags probably won't effect docshell's decision to save or forget
layout state.  that decision is made during the necko OnStartRequest event...
meta http-equiv (and other HTML tags) are parsed later on.  so to fix this we
need to some how tell session history to not remember layout state when we
detect one of the special HTTP headers as a meta http-equiv.
Docshell already has code to parse  <Meta http-equiv="Refresh" ....> tags. I
guess we should add code in Docshell to parse other tags too and let session
history decide based on what was found.
Here is a internal  testcase site
http://10.169.103.61/webpub/testcases/Caching_behavior_of_Forms.html.
Among the testcases at the  internal website, I'm not sure why the expected
behavior for testcase #19 (which just uses no-cache) is to have all text fields
wiped clean. IMo, only password field  should be wiped clean and which is how
mozilla currently behaves. 
The patch looks for no-store, no-cache flags in the Http Channel in
nsDocShell::EndPageLoad(), and updates the current page's SHEntry with
appropriate flags to save layouthistorystate. This can not be done earlier
because <META http-equiv ...> tags are detected well after we create an entry
for a page in OnNewURI().
Comment on attachment 82696 [details] [diff] [review]
Patch to docshell

looks good to me. (r=rpotts@netscape.com)
Attachment #82696 - Flags: review+
Comment on attachment 82696 [details] [diff] [review]
Patch to docshell

>Index: nsDocShell.cpp

>+            discardLayoutState = ShouldSaveLayoutState(httpChannel);

the name "ShouldSaveLayoutState" is very misleading... you'd expect it
to return TRUE if the layout state should be saved, but instead it
returns FALSE.	how about calling it "ShouldDiscardLayoutState" instead?

with that change, sr=darin
Attachment #82696 - Flags: superreview+
corrected testcase 19 expected results per radha's comments
Fix checked in.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
ADT, this bug is about support for <META HTTP-EQUIV="Cache-control"
CONTENT="no-store">. The fix has been in the trunk for while. Please approve it
for the branch.

Keywords: adt1.0.1
claudius - can you pls verify this fix on the trunk? thanks!

evelyn/radha - is this issue happening on any top sites, or is this is a
privacy/security issue we wish to resolve? i think i understand the benefit, but
i do not know that it will an issue that has visibility. pls help ME understand.

last, what's ourt exposure here in terms of risk, if we take this fix (i.e. If
this caused a regression, what types of things could be affected)? 

I have not seen this happen on the top sites. This is more of a missing feature
than a bug fix.  The patch primarily looks for cache control headers in the
httpChannel and sets a flag in nsISHEntry. The worst thing that could happen in
remote cases is the channel giving wrong information about the presence of these
headers and thereby docshell setting the wrong flag in nsISHEntry. I don't see
this patch causing regressions in other areas. The rest of the patch is
consolidation of existing code to use the newly introduced function.
VERIFIED Fixed with 20020613 builds
Status: RESOLVED → VERIFIED
adt1.0.1-. let's try and get this in for the next release.
Keywords: adt1.0.1adt1.0.1-
Whiteboard: [adt3 RTM]
Component: History: Session → Document Navigation
QA Contact: claudius → docshell
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: