Closed Bug 1783497 Opened 3 years ago Closed 3 years ago

chrome:// URL-addresses are treated as invalid URL-addresses by input[type=url] elements

Categories

(Core :: DOM: Forms, defect)

Product:
Core
Component:
DOM: Forms
Version:
Firefox 106
Platform:
Desktop
All
Type:
defect

Tracking

()

Status:
VERIFIED FIXED
Milestone:
108 Branch
Tracking Flags:
Tracking Status
firefox-esr91 --- wontfix
firefox-esr102 --- wontfix
firefox104 --- wontfix
firefox105 --- wontfix
firefox106 --- wontfix
firefox107 --- wontfix
firefox108 --- verified
firefox109 --- verified

People

(Reporter: importu, Assigned: sefeng211)

Details

Attachments

(6 files)

Screenshot.png
23.14 KB, image/png
Details
Example.html
985 bytes, text/html
Details
Bug 1783497 - Don't throw if chrome URL canonicalization fails r=smaug
48 bytes, text/x-phabricator-request
Details | Review
Bug 1783497 - Make GetPartitionKeyFromURL fails early for chrome url r=smaug
48 bytes, text/x-phabricator-request
Details | Review
Bug 1783497 - Update LoginInfo related tests in passwordmgr for recent chrome url changes r=smaug,sfoster!
48 bytes, text/x-phabricator-request
Details | Review
Bug 1783497 - Update test_url_data.html r=smaug
48 bytes, text/x-phabricator-request
Details | Review
Attached image Screenshot.png

Steps to reproduce:

  1. Go to https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/url
    There's a small demo form in the "Making a URL required" section.
  2. Enter "chrome://bookmarks" or any other "chrome://" address into the input field.
  3. Click "Submit"

Actual results:

Firefox shows the "Please enter a URL" error.
Other browsers submit the form.

Expected results:

The "input[type=url]" is not an "a[href]" link element and shouldn't filter out "chrome://" links as they might just go into a site's database for displaying purposes (or for a thousand other different reasons) and not into a link address on a webpage.

This is a Firefox-only non-standard behavior/bug/oversight that shouldn't happen.

Component: Untriaged → DOM: Forms
Product: Firefox → Core
Component: DOM: Forms → Desktop
Product: Core → Web Compatibility

This is not a WebCompat issue. I'm moving it back.

Component: Desktop → DOM: Forms
Product: Web Compatibility → Core
Version: Firefox 103 → unspecified

(In reply to Dennis Schubert [:denschub] from comment #1)

This is not a WebCompat issue. I'm moving it back.

Well,

https://bugzilla.mozilla.org/describecomponents.cgi?product=Web%20Compatibility
Web Compatibility
A place to move bugs for sites or content that does not work in Firefox, but works in other browsers.

https://bugzilla.mozilla.org/show_bug.cgi?id=1783497
Firefox shows the "Please enter a URL" error.
Other browsers submit the form.

but I don't mind either way.

This issue was previously confirmed on WebCompat on github:
https://github.com/webcompat/web-bugs/issues/108379

Don't know why you removed the Firefox version though.

Attached file Example.html

Attached an example .html file with 4 identical forms with pre-filled URL-addresses.

The inputs with addresses the browser considers invalid will be highlighted red.

If the form submits, it will show "Form submitted" alert message.

In Chrome all 4 forms submit correctly.

In Firefox only the last 3 submit correctly, and the first one highlights red and shows "Please enter a URL" error bubble and prevents form submission.

I can take a look.

Severity: -- → S3
Flags: needinfo?(sefeng)

Managed to reproduce the issue on Window 10 x64, macOS 11.6 and on Ubuntu 20.04 x64.

Status: UNCONFIRMED → NEW
Has STR: --- → yes
status-firefox104: --- → affected
status-firefox105: --- → affected
status-firefox106: --- → affected
status-firefox-esr91: --- → affected
Ever confirmed: true
OS: Unspecified → All
Hardware: Unspecified → Desktop
Version: unspecified → Firefox 106

So our code don't think chrome:://bookmarks as a valid url, specifically it fails at when we try to canonify it. If you pass something like chrome://bookmarks/1/1 things work, so this seems to be bug.

I also check the spec, I think we are looking for valid absolute url here. I think chrome:://bookmarks falls under a URL-scheme string that is not an ASCII case-insensitive match for a special scheme, followed by U+003A (:) and a relative-URL string. So It should work I think.

Is this something we are aware Olli?

Flags: needinfo?(sefeng) → needinfo?(smaug)

I don't think we should throw if canonify fails. Given https://searchfox.org/mozilla-central/rev/fa81b64fc1a339e2b2b1f6a8637a689916e13c4e/dom/html/input/SingleLineTextInputTypes.cpp#112-113 I think that would be enough to fix this.

(chrome: protocol itself is of course very much browser internal thing and shouldn't be exposed to the web, but I guess a web page may still use it for its own purposes.)

Flags: needinfo?(smaug)
Assignee: nobody → sefeng

Looks like this is not needed and making a web-compat issue.

Pushed by sefeng@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/09fd858a96c9 Don't throw if chrome URL canonicalization fails r=smaug

Backed out for causing Xpcshell failures on test_ext_cookies_partitionKey.js
Backout link
Push with failures
Link to failure log
Failure line :
TEST-UNEXPECTED-FAIL | xpcshell.ini:toolkit/components/extensions/test/xpcshell/test_ext_cookies_partitionKey.js | xpcshell return code: 0

Flags: needinfo?(sefeng)

There's a r+ patch which didn't land and no activity in this bug for 2 weeks.
:sefeng, could you have a look please?
If you still have some work to do, you can add an action "Plan Changes" in Phabricator.
For more information, please visit auto_nag documentation.

Flags: needinfo?(smaug)
Flags: needinfo?(sefeng)

Up to sefeng to deal with.

Flags: needinfo?(smaug)

It looks like we don't want to get partition keys from
chrome urls.

Depends on D156985

I have 2 needinfos, so removing one of them.

Flags: needinfo?(sefeng)
Pushed by sefeng@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/4da944d66d96 Don't throw if chrome URL canonicalization fails r=smaug https://hg.mozilla.org/integration/autoland/rev/0200c81aa87f Make GetPartitionKeyFromURL fails early for chrome url r=smaug,robwu
Flags: needinfo?(sefeng)

These tests expect Service.io.newURI raises exception when the given
urls are chrome urls. Since we no longer raise exception for
chrome url canonicalization failures, the tests need to be updated.
Plus, this should be fine because even without the canonicalization changes,
using a chrome url like "chrome://path/path/path" would raise exception too.

Pushed by sefeng@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/36d1dfe3d6c9 Don't throw if chrome URL canonicalization fails r=smaug https://hg.mozilla.org/integration/autoland/rev/c92b392a186f Make GetPartitionKeyFromURL fails early for chrome url r=smaug,robwu https://hg.mozilla.org/integration/autoland/rev/0a2510ef7585 Update LoginInfo related tests in passwordmgr for recent chrome url changes r=smaug,sfoster,credential-management-reviewers,sgalich

Due to the changes to chrome url canonicalization, we need to update
URL::SetProtocol to make it fail when the given url is a chrome url.

Attachment #9299495 - Attachment description: Bug 1783497 - Make setting url protocol to chrome fails r=smaug → Bug 1783497 - Update test_url_data.html r=smaug
Pushed by sefeng@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/d9f642210f97 Don't throw if chrome URL canonicalization fails r=smaug https://hg.mozilla.org/integration/autoland/rev/d3df1cd24b2d Make GetPartitionKeyFromURL fails early for chrome url r=smaug,robwu https://hg.mozilla.org/integration/autoland/rev/07cac19d7ebe Update LoginInfo related tests in passwordmgr for recent chrome url changes r=smaug,sfoster,credential-management-reviewers,sgalich https://hg.mozilla.org/integration/autoland/rev/5e1071802aad Update test_url_data.html r=smaug

Removing my NI and hope it'll stick.

Flags: needinfo?(sefeng)

Since nightly and release are affected, beta will likely be affected too.
For more information, please visit auto_nag documentation.

status-firefox107: --- → affected

The patch landed in nightly and beta is affected.
:sefeng, is this bug important enough to require an uplift?

  • If yes, please nominate the patch for beta approval.
  • If no, please set status-firefox107 to wontfix.

For more information, please visit auto_nag documentation.

Flags: needinfo?(sefeng)

This is not an urgent thing, so no need for uplift.

status-firefox107: affectedwontfix
Flags: needinfo?(sefeng)
QA Whiteboard: [qa-108b-p2]

Reproducible on a 2022-08-06 Nightly build on macOS 12. Verified as fixed on Firefox 108.0b2(build ID: 20221115200658) and Nightly 109.0a1(build ID: 20221116182402) on macOS 12, Windows 10, Ubuntu 22.

Status: RESOLVED → VERIFIED
QA Whiteboard: [qa-108b-p2]
status-firefox108: fixedverified
status-firefox109: --- → verified
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: