274045 - input field not escaped

Status: VERIFIED DUPLICATE of bug 273085

(Bugzilla :: Reporting/Charting, defect)

Description

[Henrik Gemal]

https://bugzilla.mozilla.org/query.cgi?bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&long_desc=Error%3A%20uncaught%20exception%3A%20%5BException...%20%22Component%20returned%20failure%20code%3A%200x804b000a%20%5BnsIURI.spec%5D%22%20%20nsresult%3A%20%220x804b000a%20%28%3Cunknown%3E%29%22%20%20location%3A%20%22JS%20frame%20%3A%3A%20chrome%3A%2F%2Fbrowser%2Fcontent%2FcontentAreaUtils.js%20%3A%3A%20urlSecurityCheck%20%3A%3A%20line%2093%22%20%20data%3A%20no%5D&long_desc_type=allwordssubstr
will produce a weird looking page with this:
<input name="long_desc" size="40"

some input field is not being escaped
could perhaps be used for XSS?

Comment 1

[GavinS]

I don't seem to see the problem on the page - has b.m.o been fixed
super-quickly, or am I looking at the wrong thing?

Comment 2

[Gervase Markham [:gerv]]

I don't see it on my local installation, either on the tip or the 2.18 branch.

Henrik: can you attach a screenshot?

Gerv

Comment 3

[Dave Miller [:justdave]]

The provided URL has an elipsis in the middle of it... was that intentional or
did it get truncated when you pasted?

Comment 4

[timeless]

note that mrbkap and others have noticed signs of mozilla losing characters which would result in 
various problems.

Comment 5

[alanjstr]

(In reply to comment #3)
> The provided URL has an elipsis in the middle of it... was that intentional or
> did it get truncated when you pasted?
> 

The search seems to be for the Comment:
Error: uncaught exception: [Exception... "Component returned failure code:
0x804b000a [nsIURI.spec]"  nsresult: "0x804b000a (<unknown>)"  location: "JS
frame :: chrome://browser/content/contentAreaUtils.js :: urlSecurityCheck ::
line 93"  data: no]

WFM.

Comment 6

[timeless]

please reopen if you disagree, or remove the security flag if you agree.

*** This bug has been marked as a duplicate of 273085 ***