Closed
Bug 196735
Opened 21 years ago
Closed 21 years ago
<OBJECT src=...> should be ignored
Categories
(Core Graveyard :: Plug-ins, defect, P3)
Core Graveyard
Plug-ins
Tracking
(Not tracked)
VERIFIED
FIXED
mozilla1.4alpha
People
(Reporter: malcolm-bmo, Assigned: malcolm-bmo)
References
()
Details
Attachments
(4 files, 2 obsolete files)
780 bytes,
text/html
|
Details | |
868 bytes,
text/html
|
Details | |
3.29 KB,
patch
|
peterlubczynski-bugs
:
review+
jst
:
superreview+
|
Details | Diff | Splinter Review |
2.66 KB,
text/html
|
Details |
Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.2.1) Gecko/20021130 (guessed at correct component) The <object> element in HTML4 has never supported a SRC attribute, but for some reason we allow SRC to be an alias for DATA (perhaps we share a common implementation between <object> and the proprietry <embed> tag?). <object src=...> works, but it shouldn't. More importantly, if an object is declared with both SRC and DATA attributes, SRC takes priority. See the testcase (to follow).
Assignee | ||
Comment 1•21 years ago
|
||
Assignee | ||
Comment 2•21 years ago
|
||
[If this bug is fixed, then this comment is no longer relevant, but I'll note it here in case the bug gets WONTFIXED.] Probably because they're all expected a DATA attribute for images, the context menu, image property dialog and page info all experience problems with this testcase, though none of them are serious.
Comment 3•21 years ago
|
||
Looks like we always check SRC first here: http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/layout/html/base/src/nsImageFrame.cpp#318 We should probably only do this in quriks mode. The context menu is another problem.
Priority: -- → P3
Target Milestone: --- → Future
Comment 4•21 years ago
|
||
We MUST check "src" first for <img> elements, which is the common case for nsImageFrame. Once bug 83774 lands, though, the <object>/<embed> code will be in the object frame and at that point the order can be switched, since the code will not be affecting the <img> elements.
Depends on: 83774
Assignee | ||
Comment 5•21 years ago
|
||
Just a quick note. Looking at the LXR reference in comment 3, AFAICS, it says: get SRC if we didn't find it and we're OBJECT, get DATA use whatever we found to create an image Why can't we change that logic to this: if we're OBJECT, get DATA else, get SRC use whatever we found to create an image Would that cause problems with EMBED? Is there a reason this change might need to be quirks-only? IE6 already works 'correctly' with regard to this behaviour (in both strict and non-strict modes), although it doesn't seem to support image/png in OBJECT. I'm going to attach a new testcase that works in IE6 to demonstrate this, though I'm afraid I can't test in Mozilla at the moment.
Assignee | ||
Comment 6•21 years ago
|
||
Assignee | ||
Comment 7•21 years ago
|
||
Huh, that second testcase only works locally for me. I think IE must be blocking access to the images because they're in a different domain (or something).
Comment 8•21 years ago
|
||
Yeah, that change would work. Again, this code is about to all go away completely, so I wouldn't bother changing it right now...
Comment 9•21 years ago
|
||
Note the following hunks from the bug 83774 patch, btw (in nsObjectFrame.cpp): + nsAutoString data; + rv = aContent->GetAttr(kNameSpaceID_None, nsHTMLAtoms::data, data); + if (rv != NS_CONTENT_ATTR_HAS_VALUE) { + rv = aContent->GetAttr(kNameSpaceID_None, nsHTMLAtoms::src, data); + } + NS_ASSERTION(rv == NS_CONTENT_ATTR_HAS_VALUE, + "Why did IsSupportedImage() return PR_TRUE?"); + imageLoader->ImageURIChanged(data); So that patch should in fact fix this bug....
Assignee | ||
Comment 10•21 years ago
|
||
Ok, though bug 83774 is targetted for 1.5, and this could easily go in before that, but I see your point. Is there any reason you can't remove the check for the SRC attribute entirely from nsObjectFrame [in bug 83774's patch]? The reason that I originally filed this bug was because I wrote a load of XHTML using OBJECT SRC= (naturally, thinking along the lines of IMG SRC=), which seemed to work fine. I was unpleasantly surprised when it didn't validate. DATA overriding SRC was just something I noticed at the same time. Since IE doesn't really support OBJECT yet, there doesn't seem to be any backwards-compatible argument for allowing OBJECT SRC= to work. Can we ditch it entirely?
Comment 11•21 years ago
|
||
IE supports <object> just fine last I checked.... As for the compat issues, I don't know. Peter? Does anyone actually use <object src="">? (Note that the nsObjectFrame code is used for <embed> too, btw, and <embed> _does_ use src; but we could condition on the tagname.... or better yet finish the job of moving that stuff into the content node).
Assignee | ||
Comment 12•21 years ago
|
||
Apologies - my comment about IE not supporting OBJECT well more to do with being able to use it as a replacement of the IMG tag (which it's *not* very good at - the first testcase above doesn't work in IE6, despite the fact that IE [sort-of] supports PNG images). How would I go about testing EMBED? Any pointers to a 'spec' for it?
Comment 13•21 years ago
|
||
http://www.blooberry.com/indexdot/html/tagpages/e/embed.htm pretty much sums it up.
Assignee | ||
Comment 14•21 years ago
|
||
The attached patch stops us from checking the SRC attribute when we encounter an OBJECT that is rendering an image. This brings us into line with our behaviour for IMG, EMBED, and non-image OBJECT elements. I've tested this as thoroughly as I can, using a variety of IMG, EMBED, APPLET, and OBJECT tags, and there appear to be no unexpected side-effects.
Assignee | ||
Updated•21 years ago
|
Attachment #117532 -
Flags: review?(bryner)
Comment 15•21 years ago
|
||
Comment on attachment 117532 [details] [diff] [review] Prevent SRC attribute from being considered for image OBJECTs This should use an nsCOMPtr for the tag.. (yes, the existing code is really old and crufty).
Attachment #117532 -
Flags: superreview-
Assignee | ||
Updated•21 years ago
|
Attachment #117532 -
Attachment is obsolete: true
Attachment #117532 -
Flags: review?(bryner)
Assignee | ||
Comment 16•21 years ago
|
||
Updated to use nsCOMPtr for the tag.
Assignee | ||
Updated•21 years ago
|
Attachment #117534 -
Flags: superreview?(bzbarsky)
Assignee | ||
Updated•21 years ago
|
Attachment #117534 -
Flags: review?(bryner)
Assignee | ||
Comment 18•21 years ago
|
||
dang bugzilla, ->me for real
Assignee: peterlubczynski → bugzilla2
Status: ASSIGNED → NEW
Assignee | ||
Updated•21 years ago
|
Status: NEW → ASSIGNED
Comment 19•21 years ago
|
||
Comment on attachment 117534 [details] [diff] [review] Prevent SRC attribute from being considered for image OBJECTs (v2) Looks good, if you put a space between the "if" and the '('.... r+sr=bzbarsky Would you mind holding off on this till Saturday? If bug 83774 hasn't landed by then, ask someone to check it in? (I'm still hoping to get it landed before then, but if it's not in by then, it's not in for 1.4, so...)
Attachment #117534 -
Flags: superreview?(bzbarsky)
Attachment #117534 -
Flags: superreview+
Attachment #117534 -
Flags: review?(bryner)
Attachment #117534 -
Flags: review+
Comment 20•21 years ago
|
||
Hrm. See also http://lxr.mozilla.org/seamonkey/source/layout/html/base/src/nsObjectFrame.cpp#476 and http://lxr.mozilla.org/seamonkey/source/layout/html/base/src/nsObjectFrame.cpp#1124 (this one checks src before data) and http://lxr.mozilla.org/seamonkey/source/layout/html/base/src/nsObjectFrame.cpp#3055 Looks like we can't ignore src="" in general (based on that last link); do we want to do it just for images?
Assignee | ||
Comment 21•21 years ago
|
||
re: Comment 20 After a brief (5 minute) look at the code, I think that: 1. The check for SRC in IsSupportedImage should probably be removed. 2. I need to work out what runs this codepath - it might need a conditional check for the OBJECT tag. 3. I think this is ok. bug 152334 comment 10 indicates that we're not parsing the SRC attribute, we're fabricating a SRC PARAM based on the DATA attribute, if there is no SRC attribute. But obviously, that does imply that there used to be users of OBJECT src= for WMP or Real plugins. I'll need to test that OBJECT src= still works (it should just get reflected into a PARAM).
Comment 22•21 years ago
|
||
Yeah, those were my impressions too.....
Assignee | ||
Comment 23•21 years ago
|
||
I won't get to this until tonight. If bug 83774 makes it into 1.4alpha, I'll reverify with the tests I'm using, otherwise I'll make a patch that can go into 1.4beta.
Target Milestone: Future → mozilla1.4beta
Assignee | ||
Comment 24•21 years ago
|
||
bz, should this check in the second patch: if (tag == nsHTMLAtoms::object) actually be: if (tag.get() == nsHTMLAtoms::object) Just like in http://lxr.mozilla.org/seamonkey/source/layout/html/base/src/nsObjectFrame.cpp#6 21 Or does it not matter? I'm not that familiar with nsCOMPtr, I'm afraid.
Comment 25•21 years ago
|
||
bug 83774 won't fix the other places I pointed out in nsObjectFrame, so no matter what there'll be something to do here. ;) As for .get(), you used to need it on nsCOMPtr when comparing to a pointer. So some old code has it. Nowadays, you no longer need it and the recommended usage is to not have it.
Assignee | ||
Comment 26•21 years ago
|
||
So, bug 83774 has now landed and stabilised, and things have changed slightly. Although OBJECT data= doesn't override OBJECT src= anymore, OBJECT src= is still accepted. EMBED data= now overrides EMBED src=, and EMBED src= is accepted where it wasn't before. The patch (to follow) makes EMBED function the way it did in 1.3 wrt SRC and DATA attributes, and removes SRC from consideration for OBJECT (excluding the backward-compatibility fudge that bz identified (see comment 21, point 3).
Assignee | ||
Comment 27•21 years ago
|
||
Note: I'm not sure whether the changes to Reflow() [last hunk] are necessary - I couldn't identify any differences in behaviour - but they seem helpful for consistency.
Attachment #117534 -
Attachment is obsolete: true
Assignee | ||
Comment 28•21 years ago
|
||
Comment on attachment 118241 [details] [diff] [review] Fix EMBED, prevent SRC attribute from being considered for OBJECT Requesting r/sr from elsewhere, since bz is away.
Attachment #118241 -
Flags: superreview?(jst)
Attachment #118241 -
Flags: review?(pavlov)
Updated•21 years ago
|
Attachment #118241 -
Flags: superreview?(jst)
Attachment #118241 -
Flags: superreview+
Attachment #118241 -
Flags: review?(peterlubczynski)
Attachment #118241 -
Flags: review?(pavlov)
Comment 29•21 years ago
|
||
Comment on attachment 118241 [details] [diff] [review] Fix EMBED, prevent SRC attribute from being considered for OBJECT r=peterl
Attachment #118241 -
Flags: review?(peterlubczynski) → review+
Assignee | ||
Comment 30•21 years ago
|
||
Since this bug morphed slightly after the checkin to bug 83774, I'm attached a testcase that actually allows someone to test the checkin. The testcase only uses images for simplicity - I actually tested my changes with applets and embedded 'objects' as well.
Assignee | ||
Comment 31•21 years ago
|
||
timeless was kind enough to check this in for me. Marking FIXED.
Status: ASSIGNED → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
Assignee | ||
Updated•21 years ago
|
Target Milestone: mozilla1.4beta → mozilla1.4alpha
Comment 32•21 years ago
|
||
Marking Verified Fixed based on results from testcase in comment #30
Status: RESOLVED → VERIFIED
Updated•2 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•