1477546 - Enable right click and copy add-on breaks window `prompt` method

Status: RESOLVED INACTIVE

(WebExtensions :: Developer Outreach, defect)

Description

[mirzababaei@aut.ac.ir]

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0
Build ID: 20180713213322
Firefox for Android

Steps to reproduce:

this code works when you click the button in IE, Edge, Chrome but says undefined  in Firefox
<button onClick="NoRead();">No:</button>
<script>
function NoRead() {  alert(prompt("Enter No","10")); }
</script>



Actual results:

undefined


Expected results:

10

Comment 1

[:Gijs (he/him)]

Not a security bug. Did you mean to file a bug about Firefox for Android, or Firefox on desktop?

FWIW, I can't reproduce an issue with Firefox beta 62 on macOS.

Comment 2

[mirzababaei@aut.ac.ir]

Firefox Quantum 62.0b10 (64bit) running on a windows 10 and Sony Vaio F serie
the bug only shows when clicking on the button (running as callback function!)

result of the statement in regular is 10
but in a callback function is undefined!
alert(prompt("Enter No","10"));
this can change the values in banking transactions.

Comment 3

[:Gijs (he/him)]

(In reply to mirzababaei@aut.ac.ir from comment #2)
> Firefox Quantum 62.0b10 (64bit) running on a windows 10 and Sony Vaio F serie
> the bug only shows when clicking on the button (running as callback
> function!)
> 
> result of the statement in regular is 10
> but in a callback function is undefined!
> alert(prompt("Enter No","10"));
> this can change the values in banking transactions.

Can you link to a complete testcase where you're seeing this? Can you reproduce on a clean profile? ( https://support.mozilla.org/kb/profile-manager-create-and-remove-firefox-profiles )

Comment 4

[:Gijs (he/him)]

Also, do you see the actual prompt dialog as expected?

Comment 5

[mirzababaei@aut.ac.ir]

Thank you Mr. Gijs.
Cleaning the profile (as you instructed) guided me to omit the an addon named "Enable right click and copy".
Mentioned addon was the reason of the fault.

Comment 6

[:Gijs (he/him)]

(In reply to mirzababaei@aut.ac.ir from comment #5)
> Thank you Mr. Gijs.
> Cleaning the profile (as you instructed) guided me to omit the an addon
> named "Enable right click and copy".
> Mentioned addon was the reason of the fault.

Oh, cool! Thanks for updating us. Yes, looking at the code in the add-on, it does this:

  const original = {
    preventDefault: Event.prototype.preventDefault,
    alert: window.alert,
    confirm: window.confirm,
    prompt: window.prompt,
  };



  ['alert', 'confirm', 'prompt'].forEach((prop) => {
    window[prop] = function fn(...args) {
      if (paused || !mouseRightButtonDown) {
        original[prop].apply(this, args);
      }
    };
  });

on every website. Note that even when it decides to allow calling the original methods, it doesn't return the result of that call to the caller. If it did, this bug wouldn't occur. I would suggest reporting this issue to the the developer of the add-on.

Andreas, can you check if the author of https://addons.mozilla.org/en-US/firefox/addon/enable-rightclick-and-copy/ has a bugzilla account and either needinfo them here adn/or email them? Thanks!

(I looked for a github repo for the add-on but didn't find one.)

Comment 7

[Andreas Wagner [:TheOne] [use NI]]

There is a similar, but not exact match on the email address for a bugzilla account, so I reached out using the reviewer tools, pointing to this bug. Given the add-on was hasn't been updated in over a year, I am not sure how much traction it will get.

Comment 8

[Andreas Wagner [:TheOne] [use NI]]

There hasn't been any response, so the add-on has been rejected.

Comment 9

[David Durst [:ddurst]]

Closing this as Inactive.