Closed Bug 288404 Opened 20 years ago Closed 20 years ago

When submitting a search in my web mail by pressing the keyboard return key, the form is submitted even without clicking on 'Continue' in the security warning

Categories

(Toolkit :: Form Manager, defect)

Product:
Toolkit
Component:
Form Manager
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 182179

People

(Reporter: mozilla, Assigned: bugs)

References

(
URL
)

Details

(Whiteboard: [sg:nse])

Attachments

(1 file)

Source code of the search form. Right-clicked and view source and saved to file.
28.96 KB, text/plain
Details 
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050317 Firefox/1.0.2
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050317 Firefox/1.0.2

1. Logged into my university web mail
2. Clicked on search, which opens a new window (form + display results)
3. Entered text to seach after selecting folder and options
4. If I click on Submit button with mouse, the search results are displayed
without any security alert.
5. If instead I press Enter on my keyboard, it pops up a 'Security
Alert'.."Although this page is encrypted, the information you have entered is to
be sent over an unencrypted connection and could easily be read by a third
party. Are you sure you want to continue sending this information?" - Continue
or Cancel.
6. Before I can press either, the results have already been displayed, indicated
the data was submitted anyway.

Reproducible: Always

Steps to Reproduce:
1. Fill search form (https)
2. Submit pressing return key
3. 

Actual Results:  
Security alert popped up, but results loaded anyway without accepting alert.

Expected Results:  
Waited for me to Select continue or cancel to submit form data or not.

I am attaching the source code of the search form. Feel free to contact me for
any further info/code from the site.
Attachment #179148 - Attachment mime type: text/html → text/plain
Summary: When submitting a search in my web mail by pressing the keyboard return key, the form is submitted even without clicking on 'ok' in the security warning → When submitting a search in my web mail by pressing the keyboard return key, the form is submitted even without clicking on 'Continue' in the security warning
The action of the search form is a javascript url and that's known to falsely
trigger the unencrypted warning (bug 182179). In this case the form action is a
no-op (literally "javascript:{}") so there wasn't much to cancel.  The form also
has an onsubmit event handler which does the real work of constructing a big
search URL and loading it.

An onsubmit handler could be used to do form data verification and can cancel
the submit if it doesn't like what it find. The unencrypted warning can only
come when the form really submits after the onsubmit handler fires.

*** This bug has been marked as a duplicate of 182179 ***
Group: security
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Whiteboard: [sg:nse]
Product: Firefox → Toolkit
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: