Nothing happens when importing a file on the “about:logins” page
Categories
(Firefox :: about:logins, defect, P2)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox-esr91 | --- | unaffected |
| firefox-esr102 | --- | unaffected |
| firefox103 | --- | unaffected |
| firefox104 | --- | wontfix |
| firefox105 | --- | wontfix |
| firefox106 | --- | wontfix |
| firefox107 | --- | wontfix |
| firefox108 | --- | verified |
People
(Reporter: srosu, Assigned: janika)
References
(Regression)
Details
(Keywords: regression)
Attachments
(4 files)
ImportFromFile_Broken.gif
[Affected versions]:
- Firefox Nightly 105.0a1 (Build ID: 20220725213209)
- Firefox Beta 104.0b1 (Build ID: 20220725154459)
[Affected Platforms]:
- macOS 12.3.1
- Windows 10 x64
- Ubuntu 20.04 x64.
[Prerequisites]:
- Have a new Firefox profile.
- Have a CSV file that contains multiple logins.
- Have the “signon.management.page.fileImport.enabled” pref set to true.
[Steps to reproduce]:
- Open the Firefox browser with the profile from prerequisites.
- Navigate to the "about:logins" page.
- Click the Menu button and select the “Import from a File…” option.
- Select the CSV file from prerequisites and click on the “Open” button.
- Observe what happens next.
[Expected result]:
- The logins from the CSV file are imported and the “Import” modal is displayed.
[Actual result]:
- The logins are not imported and the “Import” modal is not displayed.
[Regression Window]:
- The issue is not reproducible with older Nightly 104.0a1 builds. Considering this using mozregression tools I have found the regression range. Here are the results:
- Last good revision: f33bef1f7d560e494bab0599e2022a3ea53902f9
- First bad revision: c39b51a0b211e7bd45cb78f14eda63698d60dc1b
- Pushlog: link
@Tom could you please take a look over this regression window since I am not sure which bug has caused this issue?
[Notes]:
- Also, the “Error: TelemetryStopwatch: key "PWMGR_IMPORT_LOGINS_FROM_FILE_MS" was already initialized” error is displayed in the Browser Console.
- This issue is reproducible in all the use cases (import wrongly CSV files, import a non-CSV file)
- Attached is a screen recording of the issue and a screenshot with the Browser Console error.
|
Reporter | |
Comment 1•3 years ago
|
||
|
||
Updated•3 years ago
|
|
|
||
Updated•3 years ago
|
|
||
Comment 2•3 years ago
|
||
I do not have that menu option in my Firefox.... How do I get it? This is likely that commit, it can be confirmed by setting security.allow_eval_in_parent_process and security.allow_eval_with_system_principal to 'true'.
Testing in debug mode should crash with some information pointing to the source of the offending script. I don't see anything obvious in the code that looks like it's using eval...
|
||
Comment 3•3 years ago
|
||
Hi Tom,
In order to have the "Import from a File…." option available you need to set the "signon.management.page.fileImport.enabled" pref from "about:config" page to true. If you already have the "about:logins" page opened after changing the pref, you might need to refresh the page.
|
Assignee | |
Comment 4•3 years ago
|
||
This line seems to be using eval. The code that follows is not being executed anymore.
|
|
||
Comment 5•3 years ago
|
||
Yes, this line would cause the problem.
d3 seems to have fixed this issue 8 years ago. We updated to the latest 3.x version a couple years ago, but the "latest 3.x" version was already wildly out of date. The correct fix here would be to update d3 and track it better; perhaps using Updatebot.
|
||
Updated•3 years ago
|
|
|
Assignee | |
Comment 6•3 years ago
•
|
||
Updating the d3 library is probably overdue, i filed a Bug for this issue.
But the latest versions are using the eval function as well, so updating d3 won't fix the problem.
In the password manager d3 is only used to parse rows, so another solution could be to write our own Parser. This way we depend on one less third party library and we don't need to worry about the use of eval.
@Tom, what do you think about this solution. How can we fix it?
|
|
||
Comment 7•3 years ago
|
||
(In reply to Janika Neuberger (:jneuberger) from comment #6)
Updating the d3 library is probably overdue, i filed a Bug for this issue.
But the latest versions are using the eval function as well, so updating d3 won't fix the problem.
In the password manager d3 is only used to parse rows, so another solution could be to write our own Parser. This way we depend on one less third party library and we don't need to worry about the use of eval.@Tom, what do you think about this solution. How can we fix it?
If we are only using d3 to parse rows, the d3.parseRows function is marked as being eval-free.
Although yes, if we are only using d3 for this one small piece of functionality, eliminating it in favor of a simple function we write ourselves - especially since it's JavaScript and not memory-unsafe code - seems like a good path forward also.
|
|
||
Comment 8•3 years ago
|
||
(In reply to Tom Ritter [:tjr] from comment #7)
Although yes, if we are only using d3 for this one small piece of functionality, eliminating it in favor of a simple function we write ourselves - especially since it's JavaScript and not memory-unsafe code - seems like a good path forward also.
+1 to "lets make own CSV parser"
|
|
Assignee | |
Comment 9•3 years ago
•
|
||
(In reply to Tom Ritter [:tjr] from comment #7)
If we are only using d3 to parse rows, the d3.parseRows function is marked as being eval-free.
Sorry, I worded this incorrectly. we are using both d3.parseRows (eval-free) and d3.parse function (uses eval).
Although yes, if we are only using d3 for this one small piece of functionality, eliminating it in favor of a simple function we write ourselves - especially since it's JavaScript and not memory-unsafe code - seems like a good path forward also.
Thank you for your opinion, I will write a CSV parser then!
|
|
Assignee | |
Comment 10•3 years ago
|
||
|
|
Assignee | |
Comment 11•3 years ago
|
||
Depends on D154404
|
||
Updated•3 years ago
|
|
|
||
Updated•3 years ago
|
|
|
||
Updated•3 years ago
|
|
|
||
Updated•3 years ago
|
|
|
||
Updated•3 years ago
|
|
|
||
Updated•3 years ago
|
|
|
||
Updated•3 years ago
|
|
|
||
Updated•3 years ago
|
|
|
||
Updated•3 years ago
|
|
|
||
Updated•3 years ago
|
|
||
Comment 12•3 years ago
|
||
Setting Regressed by field after analyzing regression range found by mozregression in comment #0.
|
|
||
Comment 13•3 years ago
|
||
Set release status flags based on info from the regressing bug 1772378
|
|
||
Updated•3 years ago
|
|
|
||
Updated•3 years ago
|
|
||
Updated•3 years ago
|
|
|
||
Comment 15•3 years ago
|
||
Set release status flags based on info from the regressing bug 1772378
|
|
||
Updated•3 years ago
|
|
|
||
Updated•3 years ago
|
|
|
||
Updated•3 years ago
|
|
|
||
Updated•3 years ago
|
|
||
Comment 18•3 years ago
|
||
|
||
Comment 19•3 years ago
|
||
Backed out for causing browser-chrome failures in browser/base/content/test/static/browser_all_files_referenced.js
Backout link: https://hg.mozilla.org/integration/autoland/rev/73cb94517707bbb296e25bfccd3248f1ced78d9b
INFO - TEST-UNEXPECTED-FAIL | browser/base/content/test/static/browser_all_files_referenced.js | there should be no unreferenced files - Got 1, expected +0
[task 2022-10-18T18:07:03.776Z] 18:07:03 INFO - Stack trace:
[task 2022-10-18T18:07:03.777Z] 18:07:03 INFO - chrome://mochikit/content/browser-test.js:test_is:1485
[task 2022-10-18T18:07:03.778Z] 18:07:03 INFO - chrome://mochitests/content/browser/browser/base/content/test/static/browser_all_files_referenced.js:checkAllTheFiles:1032
[task 2022-10-18T18:07:03.780Z] 18:07:03 INFO - Not taking screenshot here: see the one that was previously logged
[task 2022-10-18T18:07:03.781Z] 18:07:03 INFO - TEST-UNEXPECTED-FAIL | browser/base/content/test/static/browser_all_files_referenced.js | file only referenced from unreferenced files: chrome://global/content/third_party/d3/d3.js referenced from chrome://devtools/content/memory/index.xhtml -
[task 2022-10-18T18:07:03.782Z] 18:07:03 INFO - Stack trace:
|
|
||
Comment 20•3 years ago
|
||
|
||
Comment 21•3 years ago
|
||
| bugherder | ||
|
|
Assignee | |
Comment 22•3 years ago
|
||
I whitelisted the d3.js library in browser/base/content/test/static/browser_all_files_referenced.js because it is still referenced by devtools.
|
|
||
Comment 23•3 years ago
|
||
The patch landed in nightly and beta is affected.
:janikaneuberger, is this bug important enough to require an uplift?
- If yes, please nominate the patch for beta approval.
- If no, please set
status-firefox107towontfix.
For more information, please visit auto_nag documentation.
|
|
Reporter | |
Comment 24•3 years ago
|
||
I‘ve verified this issue using the latest Firefox Nightly 108.0a1 (Build ID: 20221023100414) on Windows 10 x64, macOS 12.5.1, and Linux Mint 20.2 x64.
- The logins from a CSV file are imported, and the “Import Complete” modal is displayed after ending the “Import from a File…” flow.
|
|
Assignee | |
Updated•3 years ago
|
|
|
||
Updated•3 years ago
|
|
|
||
Comment 25•3 years ago
|
||
|
||
Comment 26•3 years ago
|
||
| bugherder | ||
Description
•