Closed Bug 15204 Opened 25 years ago Closed 24 years ago

hidden inputs strip line feeds from value attribute

Categories

(Core :: Layout: Form Controls, defect, P3)

Product:
Core
Component:
Layout: Form Controls
Type:
defect

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: mcafee, Assigned: rickg)

References

Details

(Keywords: regression, Whiteboard: [nsbeta3+][dogfood-][fixinhand])

Attachments

(4 files)

simple text area test for HTML stuff
1.91 KB, text/html
Details
Patch...
2.60 KB, patch
Details | Diff | Splinter Review
reduced testcase courtesy of pollman
254 bytes, text/html
Details
test case: hidden inputs loose linefeeds in value attribute
171 bytes, text/html
Details
Using apprunner to change the tinderbox message of the day blurb inserts weird HTML'isms that mess up the message. Working on a test case.
Status: NEW → ASSIGNED
Target Milestone: M12
Accepting bug and will work on along with all the other output bugs for M12. This is a case where the user types html source into a plaintext widget, submits it through a form as plaintext (expecting it to look like what he typed), then the cgi on the other end of the form displays it as html. We do need a test case; the easiest way might be a javascript page that does document.write of whatever it reads in from the text area.
Compare the text area contents on 4.5 & apprunner. Document.write is echoing content below the textarea, this isn't working on apprunner, but this is just extra stuff, text area content is enough to show the bug.
Changing Component to Output.
Blocks: 17907
Summary: Text areas don't post data properly → [DOGFOOD] Text areas don't post data properly
This is a dogfood candidate since it blocks mcafee's ability to use mozilla for being sherriff.
Assignee: akkana → pollmann
Status: ASSIGNED → NEW
Originally, the problem was the improper handling of entities, particularly < and >. But this has been fixed, and the plaintext output of the text in the text field is correct (modulo whitespace) now. I'm guessing now that this is due to other problems with html form controls.
Agreed, I need this for sheriff, that's dogfood for me and the other sheriffs.
On second thought, this may not be a form submission bug; this may be a parser bug. Try running viewer "http://bugzilla.mozilla.org/showattachment.cgi?attach_id=1935" and do a Dump Content. Look at what it thinks the content of the text field is, and compare that to what 4.6's View Source gives you. They're quite different. Cc'ing Harish and Rick; maybe they can shed some light on this.
Whiteboard: [PDT+]
Putting on PDT+ radar.
Assignee: pollmann → harishd
The wierdism in the textarea ( such as extra semicolons ) does look like a parser problem. Investigating the problem. Assigning bug to myself and CCing pollmann.
Component: Output → HTML Form Controls
OS: Solaris → All
Hardware: Sun → All
In addition to the extra semi's, fetching the textarea's value on nsGfxTextControlFrame is returning an empty string. This is why nothing is document.written. I'll take a look...
Got a fix for the content part of this bug - a one line change to nsGfxTextControlFrame::GetTextControlState Index: nsGfxTextControlFrame.cpp =================================================================== RCS file: /cvsroot/mozilla/layout/html/forms/src/nsGfxTextControlFrame.cpp,v retrieving revision 3.87 diff -r3.87 nsGfxTextControlFrame.cpp 814c814 < nsFormControlHelper::GetInputElementValue(mContent, &aValue, PR_TRUE); --- > GetText(&aValue, PR_TRUE); I'll check this in for M12.
Blocks: 18471
Might take a day or two ( atmost ) to fix this bug.
Checked in the fix I mentioned above.
Assignee: harishd → pollmann
Eric -- giving this back to you, per a discussion with harishd. Please enter a date into this bug when you think this will be fixed.
Status: NEW → ASSIGNED
This currently works for me on Linux. Testing on NT as soon as my build finishes. Estimate to have this working: tonight.
Harish, is the parser portion of this fix checked in?
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
My NT build finished - the fix I checked in earlier also works on NT.
QA Contact: sujay → gerardok
Status: RESOLVED → VERIFIED
works fine. verified with dec 14th's commercial build.
Reopening, this is happening again.
Status: VERIFIED → REOPENED
Resolution: FIXED → ---
This broke before 3/3, still looking.
verified with akkana that test case shows that yeah, this isn't working right.
beta1
Keywords: beta1
Also a regression.
Keywords: regression
Has not been reviewed by PDT+ team yet this time around, removing PDT+. Also, can you please provide a simple test case. There were two issues fixed with this bug report, which one is broken again?
Whiteboard: [PDT+]
Just click on the attachment to see a test case. Then do it in 4.x and see the difference.
Putting on PDT+ radar for beta1. But please fix by 03/10.
Keywords: dogfood
Summary: [DOGFOOD] Text areas don't post data properly → Text areas don't post data properly
Whiteboard: [PDT+]w/b minus on 03/10
2/23 build test case fails on linux, so it regressed before then.?
Reduced test case: <HTML> <BODY> <TEXTAREA NAME="txt"> <B>Go home</B> </TEXTAREA> </BODY> </HTML> B doesn't show up in textarea. CC'ing buster and rods.
Status: REOPENED → ASSIGNED
Passing off to Harish, looks like he has a good start on this.
Assignee: pollmann → harishd
Status: ASSIGNED → NEW
Have a fix..need to do some testing though.
Whiteboard: [PDT+]w/b minus on 03/10 → [PDT+]w/b minus on 03/10 (~ landing 03/09 )
can you attach a patch for testing?
Attached patch Patch...Splinter Review
Html Tokens used to contain the name of the tag. But for the sake of performance we now rely on the tagID rather than tag name. This caused the bug to reincarnate. FIXED this problem by including the tag name when recording trailing content ( used only for TEXTAREA).
Status: NEW → RESOLVED
Closed: 25 years ago25 years ago
Resolution: --- → FIXED
*** Bug 31155 has been marked as a duplicate of this bug. ***
Whiteboard: [PDT+]w/b minus on 03/10 (~ landing 03/09 ) → [PDT+]w/b minus on 03/10 (~ landing 03/09 ) - Need build later than 3/9 to verify
Verified on 2000-03-13-18-M15-nb1b build on Win95 and Linux, and 2000-03-13-17-M15-nb1b build on MacOS.
Status: RESOLVED → VERIFIED
Whiteboard: [PDT+]w/b minus on 03/10 (~ landing 03/09 ) - Need build later than 3/9 to verify → [PDT+]w/b minus on 03/10 (~ landing 03/09 )
No longer blocks: 17907
No longer blocks: 18471
it's baaaaaaaaack. Just wiped out tinderbox status using mozilla to admin tinderbox page. Clearing status, starting over. again.
Status: VERIFIED → REOPENED
Keywords: beta1nsbeta3
Resolution: FIXED → ---
Whiteboard: [PDT+]w/b minus on 03/10 (~ landing 03/09 )
note: this was on trunk, with linux. I may have mistyped tinderbox password, sending me to the page to reask password. Content lost all carriage returns, and was truncated, about 1/2 of the HTML disappeared. I resubmitted a skeleton html replacement and that seemed to work. Any ideas? Something's amiss in cache/submit land.
Putting on [dogfood+]FOR THE TRUNK
Whiteboard: [dogfood+]FOR THE TRUNK
See bug 38057. I have a fix for the truncation part of this bug, but not for the loss of carriage returns. The fix is to tbglobals.pl, which is part of the tinderbox cgi - it is escaping quotes wrongly, and also messes up in Nav or IE.
Assignee: harishd → pollmann
Status: REOPENED → NEW
*** Bug 38057 has been marked as a duplicate of this bug. ***
Tested on: MacOS9 2000-08-02-04-M17 Commercial build LinRH6 2000-08-02-04-M17 Commercial build Win98 2000-08-02-05-M17 Commercial build And the bug exists for all three platforms.
Additional info: The original bug was that html source was getting it's CR's stripped and replaced by garbage/misc. characters. Today, the CR's aren't stripped out, but closing angle brackets ( '>' ) are being replaced by semicolon's. Chris, if I left anything out, please update/correct/etc.
The truncation problem with tinderbox's message has been fixed. Steve was kind enough to both check in the patch and update mozilla.org's copy of tinderbox - thanks Steve! :)
Where was the patch checked in. Trunk? Branch? Trunk and Branch?
leger: patch to tinderbox server, not part of build. This bug still open for carriage return lossage (and other scrambling problems..)
Should this be downgraded from dogfood+?
I agree, and vote for dogfood-
ETA (if still +) 08-Aug-2000
Status: NEW → ASSIGNED
Whiteboard: [dogfood+]FOR THE TRUNK → [dogfood+]FOR THE TRUNK 08-Aug-2000
The linefeeds are being stripped out of the value attribute of the hidden input in CAttributeToken::Consume at nsHTMLTokens.cpp:1387 if(!aRetainWhitespace) mTextValue.StripChars("\r\n"); //per the HTML spec, ignore linefeeds... aRetainWhitespace will only be true when we are viewing the source of the document, so I don't know the solution to this one. Harish, is there a way to specify that we want to preserve linefeeds for a case like this?
Revising fix estimate - I'll be away 10-Aug and 11-Aug.
Whiteboard: [dogfood+]FOR THE TRUNK 08-Aug-2000 → [dogfood+]FOR THE TRUNK 15-Aug-2000
Line feeds in hidden inputs *should* be stripped (and converted to a single space) just like the comment says. INVALID? If we change our behaviour, then it can only be changed for quirks mode.
See bug 47078, which is directly related to the same line of code. By stripping out the CR and LF characters we are also violating the spec and breaking some additional class of sites: --------(quoting bug 47078:) This is what HTML4 spec says about the contents of CDATA attributes such as value, alt, title, href, longdesc...: # CDATA is a sequence of characters from the document character set and # may include character entities. User agents should interpret attribute # values as follows: # o Replace character entities with characters, # o Ignore line feeds, # o Replace each carriage return or tab with a single space. # User agents may ignore leading and trailing white space in CDATA attribute # values (e.g., " myval " may be interpreted as "myval"). -- http://www.w3.org/TR/REC-html40/types.html#h-6.2 --------(end quote) This suggest some code more like: if(!aRetainWhitespace) { if (<we have a CDATA attribute>) { mTextValue.StripChars("\n"); //per the HTML spec, ignore linefeeds... mTextValue.ReplaceChar("\t"," "); // replace tabs with spaces and... mTextValue.ReplaceChar("\r"," "); // replace carriage returns with spaces... } else { mTextValue.StripChars("\r\n"); //per the HTML spec, ignore linefeeds... } } I tested (a hack of) this patch and it actually kinda makes things worse in terms of all reported bugs. For example, now the same page served off of a UNIX server may not preserve a line break (\n stripped) but on an NT server may (\r\n => ' '). It seems like what Nav and IE are doing is preserving all whitespace inside the attribute (but not leading or trailing whitespace). Is the spec out of line with industry practice here? Should we do what Nav and IE do? Is that more like this: if(!aRetainWhitespace) { if (! <we have a CDATA attribute>) { mTextValue.StripChars("\r\n"); //per the HTML spec, ignore linefeeds... } } ??? Note that there is already an exception in the spec as to how <style> and <script> content is handled - it should be passed through without stripping line breaks, so maybe this isn't to radical of a suggestion...
Ian, yes, this should only for quirks mode. That would probably include all of the sites affected by this bug.
Summary: Text areas don't post data properly → hidden inputs strip line feeds from value attribute
Whiteboard: [dogfood+]FOR THE TRUNK 15-Aug-2000 → [dogfood+] 15-Aug-2000
*** Bug 47078 has been marked as a duplicate of this bug. ***
15204 was dogfood+ and is virtually the same problem in the same area.
Whiteboard: [dogfood+] 15-Aug-2000 → [dogfood+] [nsbeta3+] 15-Aug-2000
*** Bug 47535 has been marked as a duplicate of this bug. ***
Marking this bug 'mostfreq' so that it appears on my radar. Most of the DUPs have actually been marked INVALID rather than dups of this bug, so it is not immediately obvious that this is actually a frequently reported bug. But if you don't believe me, I'm happy to forward you my bugmail...! ;-)
Keywords: mostfreq
Yes, this is a rather important bug, as I noted when I reported it elsewhere. There will be many sites that require this, as it is a common case to pass hidden inputs with carriage returns in them. CGI.pm, in fact, has this behavior. I will talk to them too.
*** Bug 48397 has been marked as a duplicate of this bug. ***
A URL for those who are interested in testing (I don't have permissions to set that field): http://home.earthlink.net/~johnkeiser/mozbug/hidden-field.html
Wanted to let people know that CGI.pm has fixed this problem on the server side in v2.71, which should come out sometime soon. When it does, you can get it at http://stein.cshl.org/WWW/software/CGI/. I figured this was relevant because a lot of people use that lib.
Talking to Eric it sounds like the remaining problem is a parser issue. Reassign to harishd Clearing the dogfood+ since it no longer truncates the message. It only looses carriage returns now. Also clearing nsbeta3+. Clearing [Aug 15] date from status as well.
Assignee: pollmann → harishd
Status: ASSIGNED → NEW
Whiteboard: [dogfood+] [nsbeta3+] 15-Aug-2000
Putting on [dogfood-]...we let eng mgr set nsbeta + or -
Whiteboard: [dogfood-]
Target Milestone: M12 → M18
Since it's not a dogfood anymore and the risk in fixing, even though the fix would be simple, this bug would be great I'm inclined to mark this bug FUTURE. If it's an error please renominate it for beta3. Thanx.
Status: NEW → ASSIGNED
Target Milestone: M18 → Future
harishd: this is an important bug, affecting many CGI scripts which will start failing in a hard-to-track way on Netscape 6.0. CGI.pm, the main CGI lib used by developers up through 2.70 (2.71 is not even out yet) does not escape the values, and even those using the lib often don't use its facility to print hidden fields, instead printing them directly. The many bugs that have appeared on this subject are most likely from many of these developers who are testing or developing their apps using Mozilla. One big reason why it affects so much is a common technique among CGI developers doing "Wizard"-like interfaces. They pass their values around the app in hidden fields until the user hits "Finish" or something similar. many such programs have text areas in them. This bug will be especially prevalent on intranets, where the Web is used for a lot of data entry. I think this needs to get into Netscape before final, given that it affects so much.
Marking beta3+.
Whiteboard: [dogfood-] → nsbeta3+
Target Milestone: Future → M18
Whiteboard: nsbeta3+ → [nsbeta3+]
Putting on [dogfood-] radar.
Whiteboard: [nsbeta3+] → [nsbeta3+][dogfood-]
Harish has the fix in hand and will try to check it in by tomorrow.
Whiteboard: [nsbeta3+][dogfood-] → [nsbeta3+][dogfood-][fixinhand]
Status: ASSIGNED → RESOLVED
Closed: 25 years ago24 years ago
Resolution: --- → FIXED
Not stripping newlines/carriage return anymore. This bug should be fxd. Marking FIXED.
Yep, it works for me.
Looks like the bug has returned. When there is a link in the body of the text area like: <A href="http://www.yahoo.com">Yahoo.com</A> The text area displays: <A href="http://www.yahoo.com">href="http://www.yahoo.com"Yahoo.com</A>
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Could you elaborate a bit? Do you mean if you put something like <TEXTAREA COLS=40> <A HREF="http://www.yahoo.com">Yahoo</A> </TEXTAREA> then it shows up wrong in the textarea? When I do that it works fine for me (see http://home.earthlink.net/~johnkeiser/mozbug/textarea-href.html) ... Also not sure how it relates to this bug. The problem does not appear to have to do with newlines at all.
this is a dup, rickg please check this fix in, this is dogfood for people running mozilla.org with .. mozilla.
rickg checked in, I think this is a dup of bug 49278, someone please verify & mark it so.
If 49278 is fixed then this should be fixed. Giving bug to rickg to verify if this bug is fixed.
Assignee: harishd → rickg
Status: REOPENED → NEW
This does appear to be a dup. The both pollmann's attachment and the inline testcase: <A href="http://www.yahoo.com">Yahoo.com</A> are working now.
Status: NEW → RESOLVED
Closed: 24 years ago24 years ago
Resolution: --- → FIXED
Alright its fixed now. Verifying on -Windows 98 build 2000-09-26-08-M18 -Linux RedHat6.2 build 2000-09-27-08-M18
Status: RESOLVED → VERIFIED
*** Bug 256027 has been marked as a duplicate of this bug. ***
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: