Open Bug 1686574 Opened 4 years ago Updated 11 days ago

Firefox doesn't do correct binary detection on mislabeled (text/plain) resources if they're compressed (gzipped)

Categories

(Core :: Networking, defect, P3)

Product:
Core
Component:
Networking
Version:
Firefox 84
Type:
defect

Tracking

()

People

(Reporter: slizgi, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [necko-triaged])

Attachments

(1 file)

Print screen2021-01-13 215432.png
2.69 KB, image/png
Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0

Steps to reproduce:

Try download .msp (Windows Installer Patch) file. And save as .msp file, not a text, not open it as .txt file.

https://knowledge.autodesk.com/support/3ds-max/downloads/caas/downloads/content/autodesk-3ds-max-2016-service-pack-2.html

Actual results:

When I click on link with .msp file to download, instead of download popup, I get the file open in tab. It looks like you try open .exe file in text editor. A lot of text and weird signs, and it once crashes Firefox too :)
When I right-click and choose, save target as... it works, but it suggests that this is txt file and save them as "name.msp.txt" and 300mb .txt . Changing name do not help after download, cause Windows Explorer crashes with this big .txt file :)

Expected results:

It should get this file as .msp (Windows Installer Patch) and ask where to download them, or just download them .exe or .msi file.

Bugbug thinks this bug should belong to this component, but please revert this change in case of error.

Component: Untriaged → File Handling

The server is handing the file as Content-Type: text/plain

Moving to Web Compatibility, hopefully we can ask Autodesk to fix the misconfiguration. We'll evaluate whether we should workaround these errors on Firefox side.

Component: File Handling → Desktop
Product: Firefox → Web Compatibility

Basti, do you know if/how we implement the text/plain sniffing for binary as described in https://mimesniff.spec.whatwg.org/#sniffing-a-mislabeled-binary-resource , and why it's not kicking in here (and/or, why Chrome does download rather than display)?

Flags: needinfo?(sstreich)

We do have this and it should also kick in for text/plain, in general.
The problem here is that the content is encoded. In this case the sniffed buffer is gzipped. So sniffing for characters is pointless and we abort, which means we value text/plain. We would need to stop and decompress it first.
https://searchfox.org/mozilla-central/source/netwerk/streamconv/converters/nsUnknownDecoder.cpp#877 here is where we're stopping the sniffing. :)

Flags: needinfo?(sstreich)

The network layer always handles decompression, right? If so, we should probably change the order of these operations. Somewhat surprised this hasn't come up before.

This is still a website misconfiguration (given it is served as text/plain), but Chrome handles it so we should probably improve how we follow the spec so that this works in Firefox, too.

Status: UNCONFIRMED → NEW
Component: Desktop → Networking
Ever confirmed: true
Product: Web Compatibility → Core
Summary: Firefox treat .msp file (Windows Installer Patch) as a .txt file. → Firefox doesn't do correct binary detection on mislabeled (text/plain) binary resources if they're compressed (gzipped)
Summary: Firefox doesn't do correct binary detection on mislabeled (text/plain) binary resources if they're compressed (gzipped) → Firefox doesn't do correct binary detection on mislabeled (text/plain) resources if they're compressed (gzipped)
Severity: -- → S4
Priority: -- → P2
Whiteboard: [necko-triaged]
Priority: P2 → P3
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: