1966443 - Pasting NULL bytes into textarea fails on Windows

Status: VERIFIED FIXED

(Core :: Widget: Win32, defect)

Description

[Xan Charbonnet]

Steps to reproduce:

• Visit https://biblionix.xyz/pasting_null_bytes/
• Open the link labeled "HTML" in a new tab
• View the source of that tab, observing that NULL characters are there
• Copy the entire source
• Go back to the https://biblionix.xyz/pasting_null_bytes/ tab and paste into the textarea
• Observe that the NULL characters and anything after them are missing

Actual results:

The pasted data was cut off at the first NULL byte.

Expected results:

Almost anything else: include the NULL characters, ignore the NULL characters, replace them with the replacement character. Cutting off is the worst thing to do.

This same issue is occurring on Linux, and being addressed in https://bugzilla.mozilla.org/show_bug.cgi?id=1852790 .

The issue does not seem to occur on MacOS.

Comment 1

[Edgar Chen [:edgar]]

(In reply to Xan Charbonnet from comment #0)

This same issue is occurring on Linux, and being addressed in https://bugzilla.mozilla.org/show_bug.cgi?id=1852790 .
The issue does not seem to occur on MacOS.

This is likely a platform dependent bug.

Comment 2

[David Parks [:handyman]]

Hey Martin, this was pretty minor on Windows -- it boiled down to ignoring the comment and using allocLen instead of strlen here. However, this leaves the nulls in the string, so they are converted in HTML as I would expect (see the screen shot). Is this what you are doing in bug 1852790 or are you manually removing the nulls? Do you know what Mac did and do you think it matters if we have parity across platforms here?

Comment 3

[David Parks [:handyman]]

Attachment: Screenshot 2025-05-15 at 17-36-14 pasting NULL bytes test page.png

Comment 4

[David Parks [:handyman]]

Attachment: Bug 1966443: Use proper length for Windows clipboard elements r=#win-reviewers!,emilio!

NULLs are expected in the clipboard data. Clipboard code tries to use
spans in a lot of places but there is a lot of old string stuff remaining
as well.

Comment 5

[Martin Stránský [:stransky] (ni? me)]

(In reply to David Parks [:handyman] from comment #2)

Hey Martin, this was pretty minor on Windows -- it boiled down to ignoring the comment and using allocLen instead of strlen here. However, this leaves the nulls in the string, so they are converted in HTML as I would expect (see the screen shot). Is this what you are doing in bug 1852790 or are you manually removing the nulls?

Yes, I keep the string data as is even with the null chars inside so they're printed. So it's the same.

Do you know what Mac did and do you think it matters if we have parity across platforms here?

No idea, I don't have Mac available. Maybe Emilio may know?

Comment 6

[Emilio Cobos Álvarez [:emilio]]

There's no null removal here: https://searchfox.org/mozilla-central/rev/fccab99f5b400b33b9ad16e7f066a5020119fbdc/widget/cocoa/nsClipboard.mm#212-231

So I suspect it just plumbs them through.

Comment 7

[David Parks [:handyman]]

OK, I was mis-reading the comments in bug 1852790.

Comment 8

[Pulsebot]

Pushed by daparks@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/a7594596cdb1
Use proper length for Windows clipboard elements r=win-reviewers,emilio,gstoll

Comment 9

[Cristian Tuns]

https://hg.mozilla.org/mozilla-central/rev/a7594596cdb1

Comment 10

[Bogdan Maris, Desktop Test Engineering [OOO until Dec 16th]]

Reproduced the issue using the info from comment 0 using an old Nightly build from 2025-05-14, verified that using the latest Nightly 141.0a1 and Latest Firefox 140.0b4 builds on Windows 11 the issue is no longer reproducible. I get the same input in the textarea as in comment 3.

Comment 11

[Pulsebot]

Pushed by dmeehan@mozilla.com:
https://github.com/mozilla-firefox/firefox/commit/c94e6fe693aa
https://hg.mozilla.org/releases/mozilla-beta/rev/34e1906ff4ba
Revert "Bug 1966443: Use proper length for Windows clipboard elements r=win-reviewers,emilio,gstoll" for causing Bug 1968744

Comment 12

[Donal Meehan [:dmeehan]]

Backed out from beta for causing Bug 1968744

Comment 13

[agoloman]

Backed out from autoland for causing Bug 1968744: https://github.com/mozilla-firefox/firefox/commit/4cbd07eea6ce

Comment 14

[BugBot [:suhaib / :marco/ :calixte]]

There is an r+ patch which didn't land and no activity in this bug for 2 weeks.
:handyman, could you have a look please?
If you still have some work to do, you can add an action "Plan Changes" in Phabricator.
For more information, please visit BugBot documentation.

Comment 15

[David Parks [:handyman]]

Attachment: Bug 1966443: Remove NUL characters from clipboard copy and DND source operations r=#dom-core!

GTK and Windows don't allow NUL characters to appear in clipboard and DND text.
Text data is null-terminated there. This patch skips NUL bytes on all
platforms when adding to the clipboard or when dragging text from Firefox.
This normalizes the behavior across platforms for clipboard views of text
data internal and external to Gecko, so we can make assumptions about safety.

The test has exceptions for the behavior of different platforms when copying
a string that only contains NUL characters. Android and Wayland behave
slightly differently than others but it is not an important edge case.

Comment 16

[David Parks [:handyman]]

Attachment: Bug 1966443: Ignore NULs in clipboard paste and DND drop operations r=#win-reviewers!,#geckoview-reviewers,stransky!,#mac-reviewers!

Windows and GTK null-terminate text flavors in clipboard and DND operations.
For other platforms, it sanitizes text to ensure that there are no surprise
NUL characters in it, since NSStrings and Java strings in general can.

On a related note, GTK expects text to be obtained with gtk_selection_data_get_text,
not gtk_selection_data_get_data (and it guarantees null-termination), so
this patch makes that change as well.

Depends on D256876

Comment 17

[David Parks [:handyman]]

Attachment: Bug 1966443: Skip NUL characters in text that is copied to clipboard or dragged r=gstoll!,#dom-core!

Windows and GTK do not allow NUL characters in text data types that appear
on the clipboard or in DND payloads. Mac and Android do not specify if this
is allowed but they use string types that permit it. This patch normalizes
behavior across platforms by removing NUL ('\0') characters from text
flavors in those cases.

The test has exceptions for the behavior of different platforms when copying
a string that only contains NUL characters. Android and Wayland behave
slightly differently than others but it is not an important edge case.

Depends on D256877

Comment 18

[David Parks [:handyman]]

Attachment: Bug 1966443: Make synthesizeMockDragAndDrop usable in plain mochitests r=edgar!

Uses spawnChrome from a content process to initiate synthesizeMockDragAndDrop
in the parent process. The checks in synthesizeMockDragAndDrop will not be
run since communicating back to content requires SpecialPowers. So, in plain
mochitests the function will only be useful for the plain test itself.
(For example, tests can easily intercept expected drag/drop events and perform
their own behaviors/checks there.)

This patch also removes some cruft from the test framework's implementation and
improves logging integration.

Comment 19

[David Parks [:handyman]]

Attachment: Bug 1966443: Clean up after tests that open context menus r=masayuki!

For test_contextmenu_chorded_buttons.html, the synthesized escape key was
not dismissing the contextmenu, and it was blocking an upcoming DND test
when run in automation. Switched to a left-mouse-click to close it, since
closing the contextmenu is not part of the test.

test_contextmenu_by_mouse_on_unix.html isn't causing any test problems but
it was leaving a context menu open as well (it didn't attempt to close it).

Depends on D256877

Comment 20

[Pulsebot]

Pushed by daparks@mozilla.com:
https://github.com/mozilla-firefox/firefox/commit/9e6fb6b2f02e
https://hg.mozilla.org/integration/autoland/rev/e734223328db
Make synthesizeMockDragAndDrop usable in plain mochitests r=edgar
https://github.com/mozilla-firefox/firefox/commit/220cc239d38b
https://hg.mozilla.org/integration/autoland/rev/02c254294b0b
Ignore NULs in clipboard paste and DND drop operations r=stransky,geckoview-reviewers,mac-reviewers,bradwerth,tcampbell
https://github.com/mozilla-firefox/firefox/commit/a2ba53f019c2
https://hg.mozilla.org/integration/autoland/rev/81265929e4e2
Clean up after tests that open context menus r=masayuki
https://github.com/mozilla-firefox/firefox/commit/1affb70ae6b3
https://hg.mozilla.org/integration/autoland/rev/1dc105b7f065
Skip NUL characters in text that is copied to clipboard or dragged r=gstoll,dom-core,edgar

Comment 21

[Pulsebot]

Pushed by ctuns@mozilla.com:
https://github.com/mozilla-firefox/firefox/commit/a9badb5d6ffc
https://hg.mozilla.org/integration/autoland/rev/8e1ec242b1b5
Revert "Bug 1966443: Skip NUL characters in text that is copied to clipboard or dragged r=gstoll,dom-core,edgar" for causing mochitest failures in test_dnd_ignoreNuls.html

Comment 22

[Cristian Tuns]

Backed out for causing mochitest failures

• Backout link
• Push with failures
• Failure Log
• Failure line: TEST-UNEXPECTED-FAIL | widget/tests/test_dnd_ignoreNuls.html | Test timed out. -

Comment 23

[Atila Butkovits]

This is also a failure line: TEST-UNEXPECTED-FAIL | browser/components/urlbar/tests/browser/browser_removeUnsafeProtocolsFromURLBarPaste.js | Timed out while polling clipboard for requested data, got:

https://firefoxci.taskcluster-artifacts.net/Y5RZyzgkRGWFsh7jmRyBeg/0/public/logs/live_backing.log

Comment 24

[David Parks [:handyman]]

DND might be the async timeout stuff -- that was initially believed to resolve intermittent Linux failures.

Comment 25

[David Parks [:handyman]]

Failure is across platforms... but only for xorigin? That certainly shouldn't be related but maybe this is something to do with content transforms not being shared.

Comment 26

[David Parks [:handyman]]

Attachment: Bug 1966443: Remove MacOS supportsNullBytes test from browser_removeUnsafeProtocolsFromURLBarPaste.js r=#mac-reviewers!

This patch series normalizes platforms so none support nulls.

Depends on D258092

Comment 27

[Pulsebot]

Pushed by daparks@mozilla.com:
https://github.com/mozilla-firefox/firefox/commit/a19cb49fcdf2
https://hg.mozilla.org/integration/autoland/rev/d6d5319bb59e
Make synthesizeMockDragAndDrop usable in plain mochitests r=edgar
https://github.com/mozilla-firefox/firefox/commit/0d1a2059a278
https://hg.mozilla.org/integration/autoland/rev/0369759ab5f6
Ignore NULs in clipboard paste and DND drop operations r=stransky,geckoview-reviewers,mac-reviewers,bradwerth,tcampbell
https://github.com/mozilla-firefox/firefox/commit/78a878bac037
https://hg.mozilla.org/integration/autoland/rev/2bca432ed2cb
Clean up after tests that open context menus r=masayuki
https://github.com/mozilla-firefox/firefox/commit/c0b7f6e71382
https://hg.mozilla.org/integration/autoland/rev/510a3deecb0a
Skip NUL characters in text that is copied to clipboard or dragged r=gstoll,dom-core,edgar
https://github.com/mozilla-firefox/firefox/commit/40b2f29da4f2
https://hg.mozilla.org/integration/autoland/rev/f2dbb34f6867
Remove MacOS supportsNullBytes test from browser_removeUnsafeProtocolsFromURLBarPaste.js r=mac-reviewers,urlbar-reviewers,mstange,Standard8

Comment 28

[Serban Stanca [:SerbanS]]

https://hg.mozilla.org/mozilla-central/rev/d6d5319bb59e
https://hg.mozilla.org/mozilla-central/rev/0369759ab5f6
https://hg.mozilla.org/mozilla-central/rev/2bca432ed2cb
https://hg.mozilla.org/mozilla-central/rev/510a3deecb0a
https://hg.mozilla.org/mozilla-central/rev/f2dbb34f6867

Comment 29

[Bogdan Maris, Desktop Test Engineering [OOO until Dec 16th]]

(In reply to Bogdan Maris, Desktop Test Engineering from comment #10)

Reproduced the issue using the info from comment 0 using an old Nightly build from 2025-05-14, verified that using the latest Nightly 141.0a1 and Latest Firefox 140.0b4 builds on Windows 11 the issue is no longer reproducible. I get the same input in the textarea as in comment 3.

Also verified as fixed using Firefox 143.0b2 on Windows 10 and 11.