155935 - klick on the screenshot and a new window pops up with corrupt code inside

Status: RESOLVED WORKSFORME

(Core :: DOM: Core & HTML, defect)

Description

[Ingo Werstler]

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; de-AT; rv:1.0.0) Gecko/20020530
BuildID:    2002053012

the JS open-method contains some german special characters correctly encoded as
(e.g.) ö . as long as there are entities starting with & and ending with ;
within the url, the receiving script at the webserver is not able to receive any
arguments that follow after the entity in the url. 

the same code does work with all other browsers i know.

Reproducible: Always
Steps to Reproduce:



<!-- php demonstrating the problem. save as test.php-->
<!-- with IE you will see something for $pfad_bild-->
<!-- with mozilla, you will get an error message--> 
<html>
<body>

<?php
if (isset($url)){
  echo "<pre>\n";
  echo "$$url\n";
  echo "$alttext_bild\n";
  echo "$ueberschrift\n";
  echo "$pfad_bild\n";    
  echo "</pre>\n";
}
?>


<a HREF="javascript: bigbild =
open('test.php?url=computer/spiel/test/47521&alttext_bild=Screenshot:%20Pikmin&ueberschrift=Bewertung:%204%20=%20sch&ouml;n&pfad_bild=/imperia/md/images/banner/computer/spiele/imtest2002/pikmin/Pikmin_screen1.jpg&bild_width=640&bild_height=480','bigbild','toolbar=0,location=0,directories=0,status=0,menubar=0,scrollbars=0,resizable=1,width=670,height=680,dependent=yes');
bigbild.moveTo(0,0); bigbild.focus();">open<br></a>


</body>
</html>

Comment 1

[Phil Schwartau]

Browser, not engine ---> DOM Level 0

Comment 2

[Phil Schwartau]

But actually, I think this WORKSFORME. Ingo, could you try the site
again with an up-to-date build? I am using binary 20020701xx on WinNT,
and I am having no trouble at this site. No errors in JS Console, either.

If an up-to-date build works OK, please mark this bug WORKSFORME; thanks -

Comment 3

[Ingo Werstler]

ups.. something went wrong when i posted the answer yesterday, so once again:

i tried a new build (july 5th or something like that) and the error is still the
same. it seems like mozilla does not pass the url-encoded parameters correctly
to the webserver, so that they can be accessed by the server sided script.
everything after an entity like ö is passed as the value to the the last
parameter before  the entity. e.g. if you pass ?a=abcödef&b=test "a"'s
value will be abcödef&b=test, but not abcödef. b will not be accesible
by the server script.

of course there is no JS-error, as it does not affect the js-code. the js-code
ist correct.

this is not a problem of my machine. i'm working at sueddeutsche.de and this is
a common problem of readers with mozilla-browser.

i found another bug here, which describes a similar problem of the window.open
function in conjunction with passing parameters to a server sided script. it's
bug 125718 and was posted in february, but it's not fixed yet.

Comment 4

[Boris Zbarsky [:bzbarsky]]

Looks like a URI parsing/escaping issue...

Comment 5

[Andreas Otte]

This could be one of two things:

1. Javascript urls are getting unescaped before given to the javascript engine.
If you have any encoded characters like %20 for example that you want to survie
this procedure then encode them as %2520.

==> fix your url

2. & and ; are special characters inside URIs that denote values and parameters.
HTML encoding is not url encoding. In this case ; marks a URI parameter, so if
you use HTML encoding in an URI that needs to be escaped to stop the url parser
from doing the wrong thing. There are functions to escape HTML encoding in
nsEscape.cpp, they seem not to be triggered from layout with these uris.

==> htmlparser/layout problem, should be assigned to that component.

Comment 6

[Darin Fisher]

WORKSFORME linux trunk 2003022108.