If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

Backslashes or Newlines in fscommand strings cause js error

RESOLVED WONTFIX

Status

()

Core
Plug-ins
RESOLVED WONTFIX
13 years ago
13 years ago

People

(Reporter: Ben Goodger (use ben at mozilla dot org for email), Assigned: jst)

Tracking

Trunk
x86
Windows XP
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(URL)

When flash calls out to the browser with fscommand, any strings with backslashes
or newlines cause a js error.

See the attached test case. When you type in some lines with \n or \ the
following js error is reported: 

Error: unterminated string literal
Source File: javascript: function jsScriptObject(obj) { this.wrappedJSObject =
obj; } jsScriptObject.prototype = { evaluate : function(expression) { return new
jsScriptObject(eval(expression)); } }; var plugin =
document.embeds['fscommandtest']; plugin.SetWindow(new
jsScriptObject(window),2052415597);
Line: 1, Column: 43
Source Code:
fscommandtest_DoFSCommand('button pushed', 'Try typing text in here with
backslashes and newlines.  Also try this in IE.

Tentatively putting this in Plug-ins component, although jst says it could be a
bug with our javascript: url handling, so cc'ing brendan too.
Actually, it's too big, so look in the URL field above for a link to the zip file. 
(Assignee)

Comment 2

13 years ago
Ok, so here's what's going on here. When the flash plugin executes a "fscommand"
it does that by using the NPAPI to tell the browser to load a javascript: URL,
the URL looks more or less like this:

javascript: function jsScriptObject(obj) { this.wrappedJSObject = obj; }
jsScriptObject.prototype = { evaluate : function(expression) { return new
jsScriptObject(eval(expression)); } }; var plugin = document.embeds[...];
plugin.SetWindow(new jsScriptObject(window));

The key here is that it creates a new object with an evaluate() function on it,
it passes this new object to the plugin's SetWindow() method, which in turn
asynchronously calls the evaluate() function on that object (through XPConnect).
The evaluate() functinon gets a single string argument from the plugin that
looks like "fscommandtest_DoFSCommand('button pushed', 'Try typing...')". The
evaluate() function then (as you can see in the above javascript: URL) does an
eval() on the argument, and expects the incoming argument to be valid JS. But in
this case where part of the argument is text that the user typed, the JS may or
may not be valid.

Try typing this in the text box in this testcase for kicks "Some text');
alert('foo" w/o the double quotes (") and you'll see what I mean :)

There's nothing we can do about this in Mozilla, this is a bug in how macromedia
executes its fscommands in Mozilla. The reason it works in IE is that for IE the
testcase writes out a VBScript hook that executes the JS fscommand hook, so no
eval involved there. Instead of using eval(), they should pass the name of the
fscommand to the evaluate() function and an array of arguments, and just do
window[fscommand].call(args)...

I don't know what's possible to do in the flash code, it might be possible to
work around this problem there too, given the above explanation of how this
works. I.e. by escaping the string that the user typed etc...

Marking WONTFIX as this is not a Mozilla bug.
Status: NEW → RESOLVED
Last Resolved: 13 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.