A form submit where action='https://...' produces no user warning.

VERIFIED FIXED in M15

Status

()

P3
normal
VERIFIED FIXED
19 years ago
19 years ago

People

(Reporter: 3jrgm, Assigned: jud)

Tracking

Trunk
x86
Windows 95
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [PDT-], URL)

Attachments

(1 attachment)

(Reporter)

Description

19 years ago
Overview Description: 
  Submitting a form where action='https://...' produces no user warning.

Steps to Reproduce: 
 1) Go to http://www.hotmail.com/
 2) Enter a username/password (foobar/bazbar) and click the sign-in
    button
 3) This may result in the wallet code asking if you want to save form
    fields.  Just say 'never' to the dialog.
 4) If the wallet code kicked in, click on sign-in again. This time
    wallet will not come up.
 5) Notice, though that in either case, no action is performed and no
    user warning is thrown.

Expected Results:
  If ssl/https is not a supported protocol, then submitting a form to a https 
  URL should throw an alert dialog up that informs the user of this situation. 
              

Actual Results:             
  No action is performed, and no alert dialog is thrown. (Bob the user just 
  figures it's broken -- and files a bug). 

Build Date & Platform Bug Found: 2000-02-01-08 & 2000-02-02-11 (win95)

Additional Builds and Platforms Tested On: none (sorry, no have).

Additional Information: 
  I'll make a test case that submits a form to an https url, with all
  the <inputs> type="hidden" -- this will, I think, stop the wallet
  code from getting in the way.

Comment 1

19 years ago
*** Bug 26156 has been marked as a duplicate of this bug. ***

Comment 2

19 years ago
The bug I've just marked a duplicate is actually a little more general than
this: all unsupported protocols should trigger a warning when referenced from
forms, and possibly one that is more informative than "Unregistered resource". 
The user doesn't know what the form does, and should get something lik "The form
you submitted relies on a protocol that is not supported in Mozilla" or
something of that sort....maybe.
(Reporter)

Comment 3

19 years ago
Yes, as Sean Richardson <sidr@albedo.net> and zach <zach@math.berkeley.edu>
have noted, this bug is split off from bug #24901 for the specific case of
submitting a form with the action requires an unsupported protocol (e.g.
<form action='https://...'  method='post'>). Also, as zach points out, this
should apply to the general case of any unsupported protocol, including the
case of "dyslexic" HTML authors (e.g., 'action="htpt://...."').

Comment 4

19 years ago
*** Bug 25407 has been marked as a duplicate of this bug. ***
(Reporter)

Comment 5

19 years ago
Created attachment 4929 [details]
https:// form with all <input> type hidden; avoids wallet code

Comment 6

19 years ago
after rethinking this bug, I think it is jud's.  cc-ing for his insight.
(Assignee)

Comment 7

19 years ago
Eric, how does a form submit load the data? Any different from a regular URL 
(ie. is it using the webshell?). The form load doesn't seem to be following the 
webshell load path. Does it use some sort of OnClick() handler?

Comment 8

19 years ago
Assigning to jud.  I think that he put in the protocol checks.
Assignee: dougt → valeski

Comment 9

19 years ago
Yes, it uses the link handler's OnLinkClick method.  The relevent code is in
nsFormFrame::OnSubmit (especially towards the end of that function.
*** Bug 27007 has been marked as a duplicate of this bug. ***
*** Bug 27007 has been marked as a duplicate of this bug. ***

Updated

19 years ago
Target Milestone: M15

Comment 12

19 years ago
*** Bug 27007 has been marked as a duplicate of this bug. ***

Comment 13

19 years ago
*** Bug 28549 has been marked as a duplicate of this bug. ***

Comment 14

19 years ago
*** Bug 28662 has been marked as a duplicate of this bug. ***

Comment 15

19 years ago
Bulk moving all Browser Security bugs to new Security: General component.  The 
previous Security component for Browser will be deleted.
Component: Security → Security: General

Comment 16

19 years ago
The very similar bug 17697 was marked a beta stopper.  May I humbly suggest that
this be fixed for beta as well? Otherwise we'll just get a deluge of bug reports
from people who can't log into their hotmail accounts. 
(Assignee)

Updated

19 years ago
Keywords: beta1

Comment 17

19 years ago
*** Bug 29364 has been marked as a duplicate of this bug. ***

Comment 18

19 years ago
*** Bug 29372 has been marked as a duplicate of this bug. ***

Comment 19

19 years ago
PDT- for beta1. The Netscape beta should ship with SSL supported... and hence it 
should be  possible to log into hotmail etc..  I think this bug is a mozilla 
bug, until we get PSM fully integrated.  If we're mistaken, please clear the 
PDT- and add a comment.
Whiteboard: [PDT-]
(Assignee)

Comment 20

19 years ago
fix checked in
Status: NEW → RESOLVED
Last Resolved: 19 years ago
Resolution: --- → FIXED

Comment 21

19 years ago
*** Bug 27104 has been marked as a duplicate of this bug. ***

Comment 22

19 years ago
*** Bug 28304 has been marked as a duplicate of this bug. ***

Comment 23

19 years ago
Will this be in the M14 release? If not, should be on the most frequent bugs
list.

Comment 24

19 years ago
Verified on Linux build 2000.03.01.08.

Comment 25

19 years ago
Verified on WinNT.
Status: RESOLVED → VERIFIED

Comment 26

19 years ago
*** Bug 30397 has been marked as a duplicate of this bug. ***

Comment 27

19 years ago
*** Bug 31158 has been marked as a duplicate of this bug. ***

Comment 28

19 years ago
*** Bug 31400 has been marked as a duplicate of this bug. ***

Comment 29

19 years ago
*** Bug 31536 has been marked as a duplicate of this bug. ***

Comment 30

19 years ago
*** Bug 31760 has been marked as a duplicate of this bug. ***

Comment 31

19 years ago
*** Bug 31504 has been marked as a duplicate of this bug. ***

Comment 32

19 years ago
*** Bug 33143 has been marked as a duplicate of this bug. ***

Comment 33

19 years ago
*** Bug 34461 has been marked as a duplicate of this bug. ***

Comment 34

19 years ago
*** Bug 34462 has been marked as a duplicate of this bug. ***

Comment 35

19 years ago
*** Bug 34463 has been marked as a duplicate of this bug. ***
You need to log in before you can comment on or make changes to this bug.