Closed
Bug 280712
Opened 20 years ago
Closed 20 years ago
Backslashes or Newlines in fscommand strings cause js error
Categories
(Core Graveyard :: Plug-ins, defect)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: bugs, Assigned: jst)
References
()
Details
When flash calls out to the browser with fscommand, any strings with backslashes or newlines cause a js error. See the attached test case. When you type in some lines with \n or \ the following js error is reported: Error: unterminated string literal Source File: javascript: function jsScriptObject(obj) { this.wrappedJSObject = obj; } jsScriptObject.prototype = { evaluate : function(expression) { return new jsScriptObject(eval(expression)); } }; var plugin = document.embeds['fscommandtest']; plugin.SetWindow(new jsScriptObject(window),2052415597); Line: 1, Column: 43 Source Code: fscommandtest_DoFSCommand('button pushed', 'Try typing text in here with backslashes and newlines. Also try this in IE. Tentatively putting this in Plug-ins component, although jst says it could be a bug with our javascript: url handling, so cc'ing brendan too.
Reporter | ||
Comment 1•20 years ago
|
||
Actually, it's too big, so look in the URL field above for a link to the zip file.
Assignee | ||
Comment 2•20 years ago
|
||
Ok, so here's what's going on here. When the flash plugin executes a "fscommand" it does that by using the NPAPI to tell the browser to load a javascript: URL, the URL looks more or less like this: javascript: function jsScriptObject(obj) { this.wrappedJSObject = obj; } jsScriptObject.prototype = { evaluate : function(expression) { return new jsScriptObject(eval(expression)); } }; var plugin = document.embeds[...]; plugin.SetWindow(new jsScriptObject(window)); The key here is that it creates a new object with an evaluate() function on it, it passes this new object to the plugin's SetWindow() method, which in turn asynchronously calls the evaluate() function on that object (through XPConnect). The evaluate() functinon gets a single string argument from the plugin that looks like "fscommandtest_DoFSCommand('button pushed', 'Try typing...')". The evaluate() function then (as you can see in the above javascript: URL) does an eval() on the argument, and expects the incoming argument to be valid JS. But in this case where part of the argument is text that the user typed, the JS may or may not be valid. Try typing this in the text box in this testcase for kicks "Some text'); alert('foo" w/o the double quotes (") and you'll see what I mean :) There's nothing we can do about this in Mozilla, this is a bug in how macromedia executes its fscommands in Mozilla. The reason it works in IE is that for IE the testcase writes out a VBScript hook that executes the JS fscommand hook, so no eval involved there. Instead of using eval(), they should pass the name of the fscommand to the evaluate() function and an array of arguments, and just do window[fscommand].call(args)... I don't know what's possible to do in the flash code, it might be possible to work around this problem there too, given the above explanation of how this works. I.e. by escaping the string that the user typed etc... Marking WONTFIX as this is not a Mozilla bug.
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → WONTFIX
Updated•2 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•