Closed Bug 1680139 Opened 4 years ago Closed 3 years ago

Filename containig "。" when downloaded could turn into "%u3002"

Categories

(Core :: Internationalization, defect, P2)

Product:
Core
Component:
Internationalization
Version:
Firefox 83
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
97 Branch
Tracking Flags:
Tracking Status
firefox-esr78 --- wontfix
firefox-esr91 --- wontfix
firefox83 --- wontfix
firefox84 --- wontfix
firefox85 --- wontfix
firefox95 --- wontfix
firefox96 --- wontfix
firefox97 --- fixed

People

(Reporter: kzyswd, Assigned: emk, NeedInfo)

References

(Regression)

Details

(Keywords: parity-chrome, regression)

Attachments

(4 files)

Bug 1680139 - Add the ability for unEscapeURIForUI to disable re-escaping IDN blocklisted characters. r?#necko-reviewers
48 bytes, text/x-phabricator-request
Details | Review
Bug 1680139 - Stop re-escaping IDN blocklisted characters in download file names. r?mak
48 bytes, text/x-phabricator-request
Details | Review
Bug 1680139 - Stop re-escaping IDN blocklisted characters in downloads.download. r?robwu
48 bytes, text/x-phabricator-request
Details | Review
Bug 1680139 - Stop re-escaping IDN blocklisted characters in uriloader/exthandler/. r?mtigley
48 bytes, text/x-phabricator-request
Details | Review

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:83.0) Gecko/20100101 Firefox/83.0

Steps to reproduce:

Download a file that contains "。" in filename.

Actual results:

Depending on the website, the character "。" in filename of downloaded file could turn into "%u3002".

Expected results:

Character "。" in filename stays as "。".

Test files (file could expire, please let me know and I'll try to re-upload)
Not affected: https://gofile.io/d/1ksLLf
Affected: https://volafile.org/r/1hhg8xmnc

Characters with UTF-16 %u3001 (、) and %u3003 (〃) were not affected. Only %u3002 (。) for some reason.

Version: Firefox 85 → Firefox 83

#1 regression window("、。〃" -> "%u3001%u3002%u3003"):
https://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=992784f79f96&tochange=f884c46fa07d

#2 partially progression("、。〃" -> "、%u3002〃"):
https://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=febe82aa4ed2&tochange=265e01c7ff55

Status: UNCONFIRMED → NEW
Has Regression Range: --- → yes
Has STR: --- → yes
status-firefox83: --- → wontfix
status-firefox84: --- → wontfix
status-firefox85: --- → affected
status-firefox-esr78: --- → wontfix
Component: Untriaged → Internationalization
Ever confirmed: true
Keywords: regression
Product: Firefox → Core
Regressed by: 1101625
Keywords: parity-chrome

Bug 1101625 partially fixed the problem. The actual regressor is bug 415491.

Regressed by: 415491
No longer regressed by: 1101625
Severity: -- → S3
Priority: -- → P2

Masatoshi, Makoto - do you plan to take this? It's P2 without an assignee, so I'd like to either downgrade it or assign. :)

Flags: needinfo?(m_kato)
Flags: needinfo?(VYV03354)

I'm fine with taking this, but what is the desirable behavior? Should we just stop escaping characters in UnEscapeURIForUI and WONTFIXing bug 415491?

Zibi asked me to comment on this but: Why do we use the escaping format %uHHHH for anyhing at all? Or is that escape coming from the site? (The test case has expired.)

That's bug 1248812.

Reuploaded test files just in case
Not affected: https://gofile.io/d/oMT5cG
Affected: https://volafile.org/r/1hhg8xmnc

Not affected: https://gofile.io/d/oMT5cG

If the Content-Disposition: header gives a filename, this bug does not affect the filename.

Affected: https://volafile.org/r/1hhg8xmnc

Otherwise, filename would be derived from the URL and this bug affect the filename.

IMO it does not make sense to escape the downloaded file names given that we do not escape filenames from the Content-Disposition: header and it is not considered as a vulnerability. We should stop calling unEscapeURIForUI to derive filenames from the URL instead of tweaking unEscapeURIForUI.

Taking the bug.

Assignee: nobody → VYV03354
Flags: needinfo?(VYV03354)

Another char with similar problem.

(hyphen %u2010)

:emk - any progress on this bug? Wanted to check if the NI on :m_kato is still needed.

Flags: needinfo?(VYV03354)

(In reply to Masatoshi Kimura [:emk] from comment #9)

If the Content-Disposition: header gives a filename, this bug does not affect the filename.

Correction: If the Content-Disposition: header gives a filename with raw utf-8 characters (such as gofile.io), this bug does not affect the filename. If the Content-Disposition: header gives a filename with the rfc 6266 format, this bug affects the filename.

Flags: needinfo?(VYV03354)
Pushed by VYV03354@nifty.ne.jp: https://hg.mozilla.org/integration/autoland/rev/4242ce68dcc9 Add the ability for unEscapeURIForUI to disable re-escaping IDN blocklisted characters. r=m_kato https://hg.mozilla.org/integration/autoland/rev/a10592d98dcd Stop re-escaping IDN blocklisted characters in download file names. r=necko-reviewers,dragana https://hg.mozilla.org/integration/autoland/rev/4bab917cdac4 Stop re-escaping IDN blocklisted characters in downloads.download. r=robwu

https://hg.mozilla.org/mozilla-central/rev/4242ce68dcc9
https://hg.mozilla.org/mozilla-central/rev/a10592d98dcd
https://hg.mozilla.org/mozilla-central/rev/4bab917cdac4

Status: NEW → RESOLVED
Closed: 3 years ago
status-firefox97: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 97 Branch

The problem was not fixed somehow. Reopening.

Status: RESOLVED → REOPENED
Resolution: FIXED → ---
See Also: → 1248812
Attachment #9256767 - Attachment description: Bug 1680139 - Stop re-escaping IDN blocklisted characters in uriloader/exthandler/ → Bug 1680139 - Stop re-escaping IDN blocklisted characters in uriloader/exthandler/. r?mtigley
Pushed by VYV03354@nifty.ne.jp: https://hg.mozilla.org/integration/autoland/rev/fbeb948af56d Stop re-escaping IDN blocklisted characters in uriloader/exthandler/. r=mtigley

Backed out for bc failures browser_download_open_with_internal_handler.js

Backout link: https://hg.mozilla.org/integration/autoland/rev/daf2f92f1a17c468659020e8167a68628c1446d5
Log link: https://treeherder.mozilla.org/logviewer?job_id=362690401&repo=autoland&lineNumber=3365

Flags: needinfo?(VYV03354)

Some other tests in the same directory assume that the download list is empty at first. I'll add a cleanup function.

Flags: needinfo?(VYV03354)
Pushed by VYV03354@nifty.ne.jp: https://hg.mozilla.org/integration/autoland/rev/18ad4f8ecac7 Stop re-escaping IDN blocklisted characters in uriloader/exthandler/. r=mtigley

https://hg.mozilla.org/mozilla-central/rev/18ad4f8ecac7

Status: REOPENED → RESOLVED
Closed: 3 years ago3 years ago
status-firefox97: affectedfixed
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: