Closed Bug 1404858 Opened 7 years ago Closed 2 years ago

Site depends on broken webkit/blink mis-handling of target on javascript: links

Categories

(Web Compatibility :: Site Reports, defect, P1)

Product:
Web Compatibility
Component:
Site Reports
Version:
Firefox 55
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: stemind, Unassigned)

References

(
URL
)

Details

(Keywords: parity-chrome, parity-safari, webcompat:site-wait, Whiteboard: [sitewait]) 

User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Build ID: 20170824053622

Steps to reproduce:

1. Surf to https://uptownbigband.ch
2. Click the dark green alphorn photo (upper left on the page; click the foto, not the text link)


Actual results:

Two tabs are opened instead of one


Expected results:

One tab should be opened. I. E. target-attribute must not be interpreted if javascript: pseudo protocol is used in href-attribute.
The dark green alphorn foto is on the upper RIGHT on the page.
it doesn't open a tab for "javascript:" on webkit and chrome.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Product: Firefox → Core
Whiteboard: [parity-webkit][parity-chrome]
Component: Untriaged → DOM
Priority: -- → P3
It does open a tab for javascript: on Chrome, but why there aren't two.

Hmm, does Chrome execute the JS in the current window, and we open a new one and execute there.

bz, you've dealt with javascript: protocol. Do you by any chance recall this stuff.
If not, I'll dig in some more.
Flags: needinfo?(bzbarsky)
As far as I see, we follow the spec
https://html.spec.whatwg.org/#following-hyperlinks-2
New browsing context is created in step 7, and javascript: gets executed in 14.

Reporter, could you file a bug on Chromium and Webkit? And inform the web site about broken behavior?
In this case I think our behavior is saner, so I don't think the spec should be changed.
Flags: needinfo?(bzbarsky)
Chrome is totally broken around targeted javascript:, yes (and various other aspects of javascript: loading).  In particular, you're correct that it runs the javascript: in the wrong window in this case.

I thought I'd reported this to Blink at some point, but I'm not finding it right now.  Maybe I just pointed it out in email...

Comment 4 is correct that we're doing the right thing here, per spec and sanity.  The site needs to be fixed.
Component: DOM → Desktop
Product: Core → Tech Evangelism
Version: 55 Branch → Firefox 55
Summary: href=javascript:window.open should not interprete target attribute → Site depends on broken webkit/blink mis-handling of target on javascript: links
To fix this, they can change:

<a href="javascript:window.open('http://alphornbigband.ch');" target="_blank">
  <img style="width:200px;" src="f.php?f=r/alphornbigband/alphornbigband_de.jpg?t=1504989024">
</a>

to:

<a href="https://alphornbigband.ch" target="_blank">
  <img style="width:200px;" src="f.php?f=r/alphornbigband/alphornbigband_de.jpg?t=1504989024">
</a>

Karl, could you try to get in touch please?
Flags: needinfo?(kdubost)
Priority: P3 → P1
Whiteboard: [parity-webkit][parity-chrome] → [parity-webkit][parity-chrome][needscontact]
Contacted today with the fix to their email address in the footer of the site.
Thanks everyone for the quick analysis and suggested fix.
URL: https://uptownbigband.ch
Flags: needinfo?(kdubost)
Whiteboard: [parity-webkit][parity-chrome][needscontact] → [parity-webkit][parity-chrome][sitewait]
Mass bug change to replace various 'parity' whiteboard flags with the new canonical keywords. (See bug 1443764 comment 13.)
Keywords: parity-chrome, parity-safari
Whiteboard: [parity-webkit][parity-chrome][sitewait] → [sitewait]
Product: Tech Evangelism → Web Compatibility

See bug 1547409. Moving webcompat whiteboard tags to keywords.

Keywords: webcompat:site-wait

The site has been updated with the code from comment 7.

Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.