Closed Bug 1827512 Opened 1 year ago Closed 11 months ago

script with only whitespace between opening and closing tags is not run if its src and type change, unlike in Blink and WebKit

Categories

(Core :: DOM: Events, defect)

Product:
Core
Component:
DOM: Events
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
116 Branch
Project Flags:
Webcompat Priority P1
Tracking Flags:
Tracking Status
firefox-esr102 --- wontfix
firefox112 --- wontfix
firefox113 --- wontfix
firefox114 --- wontfix
firefox115 --- fixed
firefox116 --- fixed

People

(Reporter: twisniewski, Assigned: avandolder)

References

(
URL
)

Details

Attachments

(3 files)

testcase.html
460 bytes, text/html
Details
Bug 1827512 - Properly handle type and src attribute changes on script tags. r?smaug
48 bytes, text/x-phabricator-request
dmeehan
: approval-mozilla-beta+
Details | Review
Beta Uplift Approval Request
833 bytes, text/plain
Details

In the attached test-case, a script element has a non-JS type attribute, and whitespace in between its opening and closing tags. Its src and type are then dynamically set to JS and a console.log statement, but the new script is never run.

In WebKit and Blink, the script is run, seemingly as long as its type was non-JS, but changed to JS when the src changes.

This is causing a webcompat issue which breaks page load at www.legorafi.fr, where their rocket loader script loading relies on such a script change to fire either onload or onerror on such a change. This ultimately causes links to not work, as the site still has a preventDefault enabled on them which should not be there after the scripts have loaded.

Summary: script with ony whitespace between opening and closing tags is not run if its src and type change, unlike in Blink and WebKit → script with only whitespace between opening and closing tags is not run if its src and type change, unlike in Blink and WebKit
Attached file testcase.html

Oddly, mozregression is suggesting that this may have broken in this (hidden) revision: https://phabricator.services.mozilla.com/D166108 (bug 1802385)

I think this was probably regressed by bug 1784187. After that, scripts without src attributes are executed as inline scripts whether or not they contain any text content.

I'm not sure how big of an issue this is likely to be in practice. I think most people generally assume that <script> nodes to ignore src changes after they're inserted into the DOM, but given that we have an example where someone doesn't, and Blink and WebKit appear different, it could be a significant webcompat issue.

Tentatively setting the severity to S1, but I would accept arguments that it should be lower.

Severity: -- → S1
tracking-firefox113: --- → ?
tracking-firefox114: --- → ?
Keywords: regression
Priority: -- → P1
Regressed by: 1784187

Set release status flags based on info from the regressing bug 1784187

:avandolder, since you are the author of the regressor, bug 1784187, could you take a look?

For more information, please visit auto_nag documentation.

status-firefox112: --- → affected
status-firefox113: --- → affected
status-firefox114: --- → affected
status-firefox-esr102: --- → unaffected
Flags: needinfo?(avandolder)
Webcompat Priority: ? → P1
Severity: S1 → S2
tracking-firefox113: ? → ---
tracking-firefox114: ? → ---
Priority: P1 → --

(In reply to Kris Maglione [:kmag] from comment #3)

I think this was probably regressed by bug 1784187. After that, scripts without src attributes are executed as inline scripts whether or not they contain any text content.

So this is not actually a regression at all, as far as I can tell. Bug 1784187 isn't at fault - it only adds a microtask checkpoint for "empty" scripts, which doesn't apply here since that definition of "empty" only includes 0-length text fragments, but in this case there's whitespace between the beginning and ending tags (which explains the "If I change it so that there isn't any whitespace between <script> and </script>, it works" comment from the linked web-compat issue). The problem is that we won't re-process script tags with any content in them whatsoever, unlike Blink or Webkit, who are happy to do a re-process when the src attribute is changed, as long as the script hasn't been executed already.

Flags: needinfo?(avandolder)

It looks like ScriptElement::MaybeProcessScript violates the spec for preparing an element, in that it performs step 14 (setting mAlreadyStarted to true) before steps 8-12 (checking the script type). Which would cause the difference in behaviour seen here.

I tried to find regression window and what I got so far seems more aligned with Adam's comment 5, i.e. this isn't a regression from bug 1784187. I could even reproduce this issue back to esr 102 and Fx 85. Neither the site nor the test case had ever worked. My finding is inconsistent with the webcompat report, so I added "regressionwindow-wanted" keyword to let this be on QA's radar.

status-firefox-esr102: unaffectedaffected
Keywords: regressionregressionwindow-wanted
No longer regressed by: 1784187

Modifies the preparation of script tags in order to better follow the
specification. Now, scripts are only considered to have already started
if they have a valid type when being prepared, and only changes to the
src attribute trigger script preparation, instead of for all attributes.
This allows script tags to be re-run after their type and src are
modified, if they haven't run already.

Assignee: nobody → avandolder
Status: NEW → ASSIGNED
QA Whiteboard: [qa-regression-triage]

This also seems to be affecting www.billboardvinyls.com, as seen on webcompat.com

See Also: → https://webcompat.com/issues/113086

Reviewed in the team meeting, moving to S3 per comment 6 and comment 7.

Severity: S2 → S3

The severity field for this bug is set to S3. However, this bug has a P1 WebCompat priority.
:avandolder, could you consider increasing the severity of this web compatibility bug?

For more information, please visit auto_nag documentation.

Flags: needinfo?(avandolder)
Flags: needinfo?(avandolder)

For what it's worth, this is already known to be breaking links and galleries on two fairly popular websites, and I would be amazed if it isn't breaking more sites given the nature of the issue.

Assuming that only the test case is needed to investigate the regrassion range of this issue and that the expected result of it is to show a green square instead of a red one, then all tested builds are affected: Tested builds as old as Nightly v50.0a1 on both WIndows 10 and Ubuntu 22.

I may be failing to understand how this bug is to be reproduced (consistently). Please let me know if further investigation for a regression range is not necessary anymore or if it is, please explain how the issue should be tested.

Flags: needinfo?(avandolder)

(In reply to Daniel Bodea [:danibodea] from comment #13)

Assuming that only the test case is needed to investigate the regrassion range of this issue and that the expected result of it is to show a green square instead of a red one, then all tested builds are affected: Tested builds as old as Nightly v50.0a1 on both WIndows 10 and Ubuntu 22.

I may be failing to understand how this bug is to be reproduced (consistently). Please let me know if further investigation for a regression range is not necessary anymore or if it is, please explain how the issue should be tested.

No, you have it correct - this behaviour doesn't seem to be a regression, rather it's been the way Firefox has always handled it.

Flags: needinfo?(avandolder)
QA Whiteboard: [qa-regression-triage]
Keywords: regressionwindow-wanted
Pushed by avandolder@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/579cee2f1eda
Properly handle type and src attribute changes on script tags. r=smaug
Created web-platform-tests PR https://github.com/web-platform-tests/wpt/pull/40538 for changes under testing/web-platform/tests

https://hg.mozilla.org/mozilla-central/rev/579cee2f1eda

Status: ASSIGNED → RESOLVED
Closed: 11 months ago
status-firefox116: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 116 Branch

Since nightly and release are affected, beta will likely be affected too.
For more information, please visit BugBot documentation.

status-firefox115: --- → affected

The patch landed in nightly and beta is affected.
:avandolder, is this bug important enough to require an uplift?

  • If yes, please nominate the patch for beta approval.
  • If no, please set status-firefox115 to wontfix.

For more information, please visit BugBot documentation.

Flags: needinfo?(avandolder)
Upstream PR merged by moz-wptsync-bot

Approval Request Comment
[Feature/Bug causing the regression]: This isn't actually a regression, however the existing behaviour is not web compatible
[User impact if declined]: Multiple websites (see, for instance, https://webcompat.com/issues/113086) will continue to not function for 115 users.
[Is this code covered by automated tests?]: Yes
[Has the fix been verified in Nightly?]: Yes
[Needs manual test from QE? If yes, steps to reproduce]: No
[List of other uplifts needed for the feature/fix]: none
[Is the change risky?]: This change is of low risk.
[Why is the change risky/not risky?]: This change is not particularly risky since it fixes a fairly significant spec violation, but one which is obscure enough that it is unlikely any sites were relying on the current behaviour.
[String changes made/needed]: None

Flags: needinfo?(avandolder)
Attachment #9339310 - Flags: approval-mozilla-beta?

Comment on attachment 9329114 [details]
Bug 1827512 - Properly handle type and src attribute changes on script tags. r?smaug

Moving beta uplift request to the patch

Attachment #9329114 - Flags: approval-mozilla-beta?
Attachment #9339310 - Flags: approval-mozilla-beta?

Comment on attachment 9329114 [details]
Bug 1827512 - Properly handle type and src attribute changes on script tags. r?smaug

Approved for 115.0b7.

Attachment #9329114 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: