Leaving encrypted page warning clears browser form content

RESOLVED WORKSFORME

Status

Core Graveyard
Security: UI
--
critical
RESOLVED WORKSFORME
15 years ago
2 years ago

People

(Reporter: Matthew Elvey, Unassigned)

Tracking

({dataloss})

1.0 Branch
x86
Windows XP
dataloss

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [kerh-coz], URL)

(Reporter)

Description

15 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.3) Gecko/20030312
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.3) Gecko/20030312

dataloss caused by or related to Security Warning popup alert - you are about to
leave an encyrypted page ...
Even though compose screen is well-coded to prevent it, webmail being composed
(or other filled in form data) is lost; 'back' doesn't work right.

Reproducible: Always

Steps to Reproduce:
1.In Mozilla the browser, start composing an email (in general filling in a
form) in a web page with a secure, non-expiring webmail compose screen (in this
case a fastmail.fm account was used; you can get a free guest account there for
testing purposes; login securely)
2.Start doing something else, and click on a http URL link (in this case in an
email in MozillaMail) and the link opens in the Mozilla browser window - the
same one where you were composing an email. Fastmail has coded the page such
that normally, you can press 'back' (e.g. if you press send and it fails, so you
hit 'back' to retry), you are taken back to where you were- you don't lose the
draft of the email. Therefore, expect to be able to continue editing your email.


Actual Results:  
A popup appears (per my preferences; this is the default): a <Security Warning:
you are about to leave an encyrypted page ...> alert comes up, and whatever I do, 
the unsent mail is lost.  This does not happen if the link I click on is to
another secure page – pressing back works. (e.g
https://www.cardscan.net/o/log.asp?code=902&url=optout.asp%3FID%3D983VKGCAAncnEV5Nly1Dec3W7g=%26t%3D1

(Sorry if this is a dupe; I did search! Searching: keyword dataloss; title:
secur* or encryp*...)

Expected Results:  
1.  'Cancel' or closing (X-ing) the window should have cancelled the load of the
page _and_ brought me back to the partly composed email.
2.  Back should bring me back to the partly composed email.

If I disable "Leaving a page that supports encryption" SSL warning, this problem
does not occur. 

I would guess that the problem also occurs if going from http compose page to a
https url, if there is an SSL Warning popup. (vs. from https to http; Not tested.)
->PSM
Assignee: mstoltz → ssaux
Component: Security: General → Client Library
Product: Browser → PSM
QA Contact: carosendahl → bmartin
Version: Trunk → 2.4

Comment 2

15 years ago
Sounds bad.
But the workaround is not not simply click on links in the email window while
you have important content in some browser window. Instead, use the right click
popup menu and choose open in a new window/tab,
(Reporter)

Updated

15 years ago
Keywords: dataloss
Changing Summary from:

form field dataloss ONLY caused by or related to Opening insecure http url
*after* a https page and getting Security Warning popup alert - you are about to
leave an encyrypted page ...

to

Leaving encrypted page warning clears browser form content
Summary: form field dataloss ONLY caused by or related to Opening insecure http url *after* a https page and getting Security Warning popup alert - you are about to leave an encyrypted page ... → Leaving encrypted page warning clears browser form content

Updated

15 years ago
Status: UNCONFIRMED → NEW
Ever confirmed: true

Comment 4

15 years ago
Mass reassign ssaux bugs to nobody
Assignee: ssaux → nobody

Updated

14 years ago
Component: Security: UI → Security: UI
Product: PSM → Core

Updated

13 years ago
Whiteboard: [kerh-coz]

Comment 5

13 years ago
This worksforme with linux seamonkey trunk build 2005111601 and 1.0a, even with bfcache disabled.
(Reporter)

Comment 6

13 years ago
Kai: what were you trying to say?  "...is not not simply..."?

Tabs..Open links from other application in... must be set to: "the most recent tab/window" to get hit by the bug.
Also, security.warn_leaving_secure
and   security.warn_entering_secure
should both be true.

Hmm. I'm not able to reproduce w/Tbird 1.5 on MacOS 10.4.2.

I'll check the platform (XP) where I initially hit the bug.

Comment 7

13 years ago
I think two years ago I was trying to say:
  "But the workaround is to simply not click"
which of course is not a real solution, just answering your question.
QA Contact: bmartin → ui

Updated

10 years ago
Version: psm2.4 → 1.0 Branch

Comment 8

4 years ago
Bug 799009 removed these popups/prompts.
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → WORKSFORME
(Assignee)

Updated

2 years ago
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.