Closed Bug 266268 Opened 20 years ago Closed 17 years ago

Pasting text that starts with line break into <input type=text> succeeds

Categories

(Core :: DOM: Editor, defect)

Product:
Core
Component:
DOM: Editor
Version:
1.7 Branch
Platform:
x86
Windows 98
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: carlo, Assigned: dveditz)

Details

(Whiteboard: [sg:nse]) 

User-Agent:       Mozilla/5.0 (Windows; U; Win98; rv:1.7.3) Gecko/20040913 Firefox/0.10.1
Build Identifier: Mozilla/5.0 (Windows; U; Win98; rv:1.7.3) Gecko/20040913 Firefox/0.10.1

When you paste a text with a return carriage into it Firefox 0.10.1 (and also
Mozilla Suite 1.7) makes a new line in the input field, while it could have no
carriage returns.

Reproducible: Always
Steps to Reproduce:
1. go to a page with a text input field (ex. www.google.com)
2. type a word into the form field
3. copy a text that starts with a carriage return from a web page or a txt file
4. paste it into the input field of the form where you've typed before


Actual Results:  
The input field become scrollable with more than one line into it. That's not
permitted in HTML specs.

Expected Results:  
The browser should "crop" the lines in excess. 

The bug only shows when the text starts with a carriage return. If the CR is
inside the text (not the first position) the bug isn't shown and the browser
behaves correctly.

SECURITY PROBLEMS: maybe this could lead a user to submit a text he didn't see.
For example using a javascript that paste something confidential into the input
field (the user seing only the last line).
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: blocking-aviary1.0?
Summary: Incorrect handling of paste into a input type=text form → Pasting text that starts with line break into <input type=text> succeeds
Assignee: firefox → mozeditor
Component: General → Editor: Core
Product: Firefox → Browser
QA Contact: firefox.general → bugzilla
Version: unspecified → 1.7 Branch
We definitely want to strip newlines, and have code to do so. I cannot reproduce
this on WinXP, is it Win98 only? If you've somehow fiddled your
editor.singleLine.pasteNewlines pref to a non-default value we'll allow newlines
in the middle (for unix folks), but even then we should strip them from the
beginning and end.

When you say "carriage return" do you mean that literally in the computer code
sense, or colloquially to mean the platform-specific line-ending code? I'll
re-check the code and see if it gets fooled by a naked 0x0D on windows.
Assignee: mozeditor → dveditz
(In reply to comment #1)
> We definitely want to strip newlines, and have code to do so. I cannot reproduce
> this on WinXP, is it Win98 only?

I've reproduced it also with Firefox 0.9.1 on Linux Debian. behaves a little
different from Win98: the carriage return can be also inside a string.

 If you've somehow fiddled your
> editor.singleLine.pasteNewlines pref to a non-default value we'll allow newlines
> in the middle (for unix folks), but even then we should strip them from the
> beginning and end.
I've not modified anything.

> When you say "carriage return" do you mean that literally in the computer code
> sense, or colloquially to mean the platform-specific line-ending code? I'll
> re-check the code and see if it gets fooled by a naked 0x0D on windows.

I mean I select two different lines of text (from a web page, from a text
file...) and paste it into the input field where I previously wrote someting.
Both lines are pasted instead of only the first OR the last one.
For "carriage return" I mean the end of line, I hope it's the right term, sorry
but I'm not english so maybe I've used a wrong term.
Note: if I just paste it into a blank text field (havn't typed anything into
before) the bug isn't shown on Windows98. While on FF 0.9.1 on Linux I can
directly paste two lines into a text field and it keeps in the field both lines
(you can scroll them only using the mouse, not the arrows on the keyboard).
I'll reboot the pc to reproduce it again on Windows98, if anything behaves
different from what stated above I'll post a new comment.
I can reproduce on WinXP.
Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.3) Gecko/20041026 Firefox/1.0RC1
The bug shows also without having typed anything before. just paste a string
with a carriage return at first. 

I can reproduce on WinXP using these steps:

1. Type 'a' into web page textbox.
2. Type '<enter>b' into Notepad.
3. Select all, copy from Notepad, paste into textbox.
Result: textbox now has 'a<linebreak>b'.

I haven't figured out how to reproduce if the textbox is empty before you paste.
Ok, I had a non-default value for editor.singleLine.pasteNewlines from testing
an earlier bug -- I had a value of 0 (the unix default) rather than 1 (the
win/mac default). When I change it to 1 I can reproduce this bug no problem, at
least as described in comment 5; I cannot reproduce the variant described in
comment 4.
Whiteboard: [sg:nse]
sounds like the critical parts of this have been fixed.  rest of the work is for
the trunk.  renominate if this is not correct.
Flags: blocking-aviary1.0? → blocking-aviary1.0-
(In reply to comment #7)
> sounds like the critical parts of this have been fixed.  rest of the work is for
> the trunk.  renominate if this is not correct.

I'm  seing it on
Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.5) Gecko/20041103 Firefox/1.0RC2
I can still reproduce on Firefox 1.0
Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
Can reproduce on
Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4
QA Contact: bugzilla → nobody
Could not reproduce anymore in Firefox 2 (Windows 98SE) and Firefox 3RC1 (Windows XP Pro).
I think this bug has been totally fixed.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Group: core-security
You need to log in before you can comment on or make changes to this bug.