Closed Bug 228787 Opened 22 years ago Closed 22 years ago

Escapes && and > Operators when Sending Javascript

Categories

(Thunderbird :: Message Compose Window, defect)

Product:
Thunderbird
Component:
Message Compose Window
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 229122

People

(Reporter: gusrichter, Assigned: mscott)

Details

Attachments

(1 file)

&& operator escaped
605 bytes, text/plain
Details
User-Agent: Mozilla/5.0 (Windows; U; Win95; en-US; rv:1.5) Gecko/20031007 Firebird/0.7 Build Identifier: Mozilla Thunderbird 0.5a (20031216) SENDING Mail with Thunderbird containg Javascript, causes the && and > Operators to be converted to their escaped form of &amp;&amp; and &gt;. When such mail is received, the Javascript is then inoperable. RECEIVING such Mail with Thunderbird sent with another client such as NC 4.x works O.K. The problem in Thunderbird is only in Sending Mail. <script language="javascript"> // sending if(i>1) // and (x==0&&y==restHeight) // results in receiving // if(i&gt;1) // and // (x==0&amp;&amp;y==restHeight) </script> Reproducible: Always Steps to Reproduce: 1. Include the sample script in Mail and send. 2. Open the Mail, look at source, and the Operators are escaped. Actual Results: As per Details. Expected Results: Thunderbird should not escape the Operators before/during Send.
This behavior has been here since 1.4 (N7.1) It requires avoiding the use of the above mentioned JS operators in mail/news. One hint I might point out is that not all instances of ampersand and greater than are escaped. One instance of the operator may be preserved within the script tags, while others are escaped. I don't have an example of this behavior, but may be able to find one if it will help. If memory serves, the instances of the operators closest to the start of the script are protected, but those further down are escaped, which would mean we could be seeing a false end to the script </script> or only excepting a fixed length.
Attached file && operator escaped
Here is an example where the first instance is ok, while the second is escasped
Confirmed Joe. Curiously, testing with your Attachment (with minor typo changes) the > Operator is also not escaped. It seems that the bug is not consistant from script to script. When it does occur in a particular script, it occurs consistantly. When it does NOT occur in a particular script, it does NOT occur consistantly. I don't know what the common factor is that causes the bug. Tests I conducted can be seen at: snews://secnews.netscape.com:563/brq25s$mbf11@ripley.netscape.com snews://secnews.netscape.com:563/brr7hl$o839@ripley.netscape.com Gus
This isn't a blocker. Changing to Normal severity.
URL: n/a
Severity: blocker → normal
I read on n.p.m.seamonkey that: "Bugs which exist in both Thunderbird and Seamonkey should be filed for both since they will require separate fixes, although it may be possible to port the fix from one to the other." Hence, submitted bug# 229122 Gus Richter
that is totally not true. 90% of the code for thunderbird is the same code used to build seamonkey. Please don't file bugs in both places. Bug reporting guidelines are listed in the bug forum. *** This bug has been marked as a duplicate of 229122 ***
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: