Closed Bug 297263 Opened 20 years ago Closed 19 years ago

source code is not shown with a specially coded script

Categories

(Toolkit :: View Source, defect)

Product:
Toolkit
Component:
View Source
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED EXPIRED

People

(Reporter: cyruxnet, Unassigned)

References

(
URL
)

Details

Attachments

(1 file)

The code in the example
204 bytes, text/html
Details 
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050609 Firefox/1.0+
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050609 Firefox/1.0+

This is one of the possible script codes that makes Firefox (and Mozilla) hide
all the web source code and all de HTML code out of the script tags.
Example:
----------------------------------
<h2>text before the code</h2>
<script type="text/javascript">
function init() {
document.write("<h1>code rendered</h1>");
}
setTimeout("init()",1);
</script>
<h2>text after the code</h2>
----------------------------------
More examples:
http://www.cyruxnet.org/ghost_firefox.htm

Based on:
http://research.seniorennet.be/Techresearch/Javascript_security_flaw_bug_ie_6/security_flaw_bug_javascript_ie_6_internet_explorer.php

Reproducible: Always

Steps to Reproduce:
1.any step, just show the web an look for the code
2.
3.

Actual Results:  
Web source code is hidden and all de HTML code out of the script tags too.

Expected Results:  
just seen the source code
How is this a bug exactly? How are you supposed to test it? You don't actually
give steps to reproduce or expected/actual results.
(In reply to comment #1)
> How is this a bug exactly? How are you supposed to test it? You don't actually
> give steps to reproduce or expected/actual results.

Yes i do, just insert the example script into any source web. 
When the web is open into Firefox 1.0.4 (may be others), only the code into de
script is seen on the browser, and if you try to see the web source, it seems to
be empty.
There is more info on the web (in spanish):
http://www.cyruxnet.org/ghost_firefox.htm

(In reply to comment #2)
> Yes i do, just insert the example script into any source web. 
> When the web is open into Firefox 1.0.4 (may be others), only the code into de
> script is seen on the browser, and if you try to see the web source, it seems to
> be empty.
> There is more info on the web (in spanish):
> http://www.cyruxnet.org/ghost_firefox.htm

Can you attach a testcase here, then? None of the sites you link to seem to have
a working testcase.

    
    

    
  
Sure, the code is attached.
There are codes in the page, but remember that the bug is new and may be not
reproducible on your system, the status is unconfirmed.
This code is based on the IE bug published here
http://research.seniorennet.be/Techresearch/Javascript_security_flaw_bug_ie_6/security_flaw_bug_javascript_ie_6_internet_explorer.php

    
    

    
  
I don't see how this is a bug. Using document.write after the page has loaded
creates a new document. If you view source, you're viewing the source of that
new document, not of the original one. View Source may not even show anything
because the page doesn't finish loading (like bug 285560) because
document.close() isn't called.

    
    

    
  
This is an automated message, with ID "auto-resolve01".

This bug has had no comments for a long time. Statistically, we have found that
bug reports that have not been confirmed by a second user after three months are
highly unlikely to be the source of a fix to the code.

While your input is very important to us, our resources are limited and so we
are asking for your help in focussing our efforts. If you can still reproduce
this problem in the latest version of the product (see below for how to obtain a
copy) or, for feature requests, if it's not present in the latest version and
you still believe we should implement it, please visit the URL of this bug
(given at the top of this mail) and add a comment to that effect, giving more
reproduction information if you have it.

If it is not a problem any longer, you need take no action. If this bug is not
changed in any way in the next two weeks, it will be automatically resolved.
Thank you for your help in this matter.

The latest beta releases can be obtained from:
Firefox:     http://www.mozilla.org/projects/firefox/
Thunderbird: http://www.mozilla.org/products/thunderbird/releases/1.5beta1.html
Seamonkey:   http://www.mozilla.org/projects/seamonkey/


    
    

    
  
This bug has been automatically resolved after a period of inactivity (see above
comment). If anyone thinks this is incorrect, they should feel free to reopen it.
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → EXPIRED
Product: Firefox → Toolkit

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: