Closed
Bug 265692
Opened 21 years ago
Closed 21 years ago
mouseover of <a href> </a> link with other tags inside does not show url in status bar
Categories
(Core :: DOM: UI Events & Focus Handling, defect, P1)
Core
DOM: UI Events & Focus Handling
Tracking
()
VERIFIED
FIXED
mozilla1.8alpha5
People
(Reporter: jellis, Assigned: dbaron)
References
()
Details
(Keywords: fixed-aviary1.0, fixed1.7.5, regression)
Attachments
(2 files, 1 obsolete file)
|
293 bytes,
text/html
|
Details | |
|
10.76 KB,
patch
|
bzbarsky
:
review+
jst
:
superreview+
asa
:
approval-aviary+
asa
:
approval1.7.5+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.3) Gecko/20041022 Firefox/1.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.3) Gecko/20041022 Firefox/1.0
Mousing over an image link does not show the url in the status bar.
Reproducible: Always
Steps to Reproduce:
1. Go to http://slashdot.org/
2. Mouse over the slashdot logo at the top left (or any other image link)
Actual Results:
URL is not displayed in the firefox status bar
Expected Results:
URL is displayed in the firefox status bar
This bug does not appear in the 20041020 aviary build, but it does appear in
20041022.
Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.3) Gecko/20041022 Firefox/1.0
|
Reporter | |
Updated•21 years ago
|
Flags: blocking-aviary1.0?
|
|
Reporter | |
Updated•21 years ago
|
Keywords: regression
|
||
Comment 1•21 years ago
|
||
confirming with
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.3) Gecko/20041022 Firefox/1.0
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Windows 2000 → Windows XP
|
||
Comment 2•21 years ago
|
||
Hadn't yet regressed in Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
rv:1.7.3) Gecko/20041021 Firefox/1.0
|
||
Comment 3•21 years ago
|
||
just a guess, but maybe the fix for bug 265176 caused this (I don't really know,
but nothing else looks likely)?
|
||
Comment 4•21 years ago
|
||
severity -> MAJOR
Given all efforts to make FF as secure as possible it is not a good thing if you
can't see where a link leads to.
Severity: normal → major
its not only image links either. another example, http://astalavista.box.sk/
on the left hand side the links from "Get your astalavista shirt now!" and below
do not show the url. and none of the links on the right hand pane show any url
either.
One of the main reasons I switched to FF was it was impossible for a site to
hide a url from the status bar so I could always see where it was going, so I'd
agree with peter, its a severe bug.
|
|
||
Comment 6•21 years ago
|
||
any tag inside <a></a> makes the statusbar link disappear
|
|
||
Comment 7•21 years ago
|
||
title->
mouseover of <a href> </a> link with other tags inside does not show url in
status bar
Summary: mouseover of image link does not show url in status bar → mouseover of <a href> </a> link with other tags inside does not show url in status bar
|
||
Updated•21 years ago
|
Flags: blocking-aviary1.0? → blocking-aviary1.0+
|
||
Comment 8•21 years ago
|
||
It looks like nsEventStateManager::DispatchMouseEvent needs the same sort of
change as nsEventStateManager::CheckForAndDispatchClick got in bug 265176. As
things stand, various mouse events are ending up untrusted when they should not be.
There are also similar issues in nsEventStateManager::GenerateDragGesture (for
the NS_DRAGDROP_GESTURE event ends up untrusted), and a lot of the focus/blur
stuff seems busted to me to.
The real solution to all this, imo, is to make the nsEvent constructor REQUIRE
the trusted flag. Then code can't accidentally screw it up.
I'm upgrading the severity here, since this rather breaks the anti-spoofing
benefits of the status bar.
Assignee: firefox → events
Severity: major → critical
Component: General → Event Handling
Flags: blocking-aviary1.0+ → blocking-aviary1.0?
OS: Windows XP → All
Product: Firefox → Browser
QA Contact: firefox.general → ian
Hardware: PC → All
Version: unspecified → Trunk
|
Assignee | |
Comment 9•21 years ago
|
||
Assignee: events → dbaron
Status: NEW → ASSIGNED
|
|
||
Updated•21 years ago
|
Flags: blocking-aviary1.0? → blocking-aviary1.0+
|
|
Assignee | |
Comment 10•21 years ago
|
||
Attachment #163152 -
Attachment is obsolete: true
|
|
Assignee | |
Updated•21 years ago
|
Attachment #163153 -
Flags: superreview?(jst)
Attachment #163153 -
Flags: review?(bzbarsky)
|
|
||
Comment 11•21 years ago
|
||
Comment on attachment 163153 [details] [diff] [review]
patch getting more cases
>Index: nsEventStateManager.cpp
> event2.isMeta = aEvent->isMeta;
>+ event.internalAppFlags |=
>+ aEvent->internalAppFlags & NS_APP_EVENT_FLAG_TRUSTED;
event2 here. r=bzbarsky with that fixed, but I was serious about making this
less error-prone by forcing this flag in the nsEvent constructor. Please file
a followup bug on that?
Attachment #163153 -
Flags: review?(bzbarsky) → review+
|
||
Comment 12•21 years ago
|
||
Comment on attachment 163153 [details] [diff] [review]
patch getting more cases
sr=jst
Attachment #163153 -
Flags: superreview?(jst) → superreview+
|
|
Assignee | |
Updated•21 years ago
|
Attachment #163153 -
Flags: approval1.7.x?
Attachment #163153 -
Flags: approval-aviary?
|
|
||
Comment 13•21 years ago
|
||
Comment on attachment 163153 [details] [diff] [review]
patch getting more cases
a=asa for aviary checkin and 1.7 branch checkin.
Attachment #163153 -
Flags: approval1.7.x?
Attachment #163153 -
Flags: approval1.7.x+
Attachment #163153 -
Flags: approval-aviary?
Attachment #163153 -
Flags: approval-aviary+
|
|
Assignee | |
Comment 14•21 years ago
|
||
Fix checked in to trunk, 2004-10-23 15:28 -0700.
Fix checked in to AVIARY_1_0_20040515_BRANCH, 2004-10-23 15:28 -0700.
Fix checked in to MOZILLA_1_7_BRANCH, 2004-10-23 15:28 -0700.
Status: ASSIGNED → RESOLVED
Closed: 21 years ago
Keywords: fixed-aviary1.0,
fixed1.7
Priority: -- → P1
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.8alpha5
|
||
Updated•21 years ago
|
Keywords: fixed1.7 → fixed1.7.x
|
||
Comment 16•21 years ago
|
||
This does not appear to be fully fixed. I have made a test case here
http://www.darkcity.nildram.co.uk/test.htm which shows 2 links, and nothing
comes up in the status bar what so ever when you mouse over them, same security
risk as before.
I know very little html and I basically copied this from a site so whatever the
reason for it is, this does happen in real browsing and isnt just a flawed
unusual testcase.
Can something not be done about this? it appears to be still quite easy for
someone to hide a url completely.
|
||
Comment 17•21 years ago
|
||
(In reply to comment #16)
> This does not appear to be fully fixed. I have made a test case here
> http://www.darkcity.nildram.co.uk/test.htm which shows 2 links, and nothing
> comes up in the status bar what so ever when you mouse over them, same security
> risk as before.
Same here. I'm still seeing this in some sites. Maybe thisshould be reopened?
|
|
Assignee | |
Comment 19•21 years ago
|
||
That test page is using Javascript to set the status bar. Pages have always
been able to do things like that. The fact that the text isn't showing up may
be a recent regression, but it's not *this* regression.
Status: REOPENED → RESOLVED
Closed: 21 years ago → 21 years ago
Resolution: --- → FIXED
|
|
||
Comment 20•21 years ago
|
||
if it is a regression it isnt recent, it happens on my 11th oct build as well.
The thing is under javascript options, I have "change status bar text" disabled
so it should show the correct url surely.
This is perhaps another bug, but its one that needs looking at before 1.0 imo
otherwise anyone wanting to hide any url from firefox will simple use this method.
|
||
Comment 21•21 years ago
|
||
Just a note, I've filed bug 266034 on that other issue.
reverifying
Status: RESOLVED → VERIFIED
|
||
Updated•6 years ago
|
Component: Event Handling → User events and focus handling
You need to log in
before you can comment on or make changes to this bug.
Description
•