Last Comment Bug 297761 - Form with blank action submitted to base.href
: Form with blank action submitted to base.href
Status: RESOLVED FIXED
: regression, testcase
Product: Core
Classification: Components
Component: DOM: Core & HTML (show other bugs)
: Trunk
: All All
: -- major with 1 vote (vote)
: ---
Assigned To: general
:
Mentors:
Depends on: 607145 607974
Blocks:
  Show dependency treegraph
 
Reported: 2005-06-15 02:50 PDT by Brian Quinion
Modified: 2010-10-28 08:44 PDT (History)
9 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments
testcase (204 bytes, text/html)
2005-06-16 08:46 PDT, Phil Ringnalda (:philor, back in August)
no flags Details
Patch rev. 1 (1.31 KB, patch)
2005-06-25 21:18 PDT, Mats Palmgren (vacation)
no flags Details | Diff | Splinter Review
Patch rev. 2 (1.31 KB, patch)
2005-06-27 18:07 PDT, Mats Palmgren (vacation)
jst: review+
jst: superreview+
Details | Diff | Splinter Review
Patch rev. 3 (1.29 KB, patch)
2005-06-28 11:57 PDT, Mats Palmgren (vacation)
chofmann: approval1.8b3+
Details | Diff | Splinter Review

Description Brian Quinion 2005-06-15 02:50:17 PDT
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050531 Firefox/1.0+
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050531 Firefox/1.0+

a page (http://www.example.com/sub/test.php) contains

<FORM action="" method="get" name="">

In previous version of firefox and in IE this is submitted back to
http://www.example.com/sub/test.php in deer park alpha 1 it is submitted to
http://www.example.com/sub/


Reproducible: Always
Comment 1 Phil Ringnalda (:philor, back in August) 2005-06-15 16:27:05 PDT
http://philringnalda.com/mtests/test.php

WFM in Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050615
Firefox/1.0+

If you have an actual example with something else more complicated going on,
we'd need to see it to reopen.
Comment 2 Brian Quinion 2005-06-16 04:58:20 PDT
OK, this example works - it appears that this actually results from a
interaction of the blank action and BASE href.  It might even be argued that it
is the correct behaviour - but it is different from previous versions & IE.

<html>
<head>
<BASE href="http://www.dilbert.com/">
</head>
<body>
<form action="" method="get">
<input type="submit">
</form>
</body>
</html>
Comment 3 Phil Ringnalda (:philor, back in August) 2005-06-16 08:43:24 PDT
Ah, yeah. That would be the result of fixing bug 280470, but I know at least I
didn't think about the fact that people might be relying on the odd way that
HTMLFormElement.action is specified as a string. Both Opera and IE do follow the
letter of the spec and not resolve that to base.href

bz, jst - are we sure we want to be reasonable instead of 'right' and following
the herd here?
Comment 4 Phil Ringnalda (:philor, back in August) 2005-06-16 08:46:03 PDT
Created attachment 186481 [details]
testcase

Trivial testcase
Comment 5 Boris Zbarsky [:bz] 2005-06-16 15:12:32 PDT
Replacing the

1304   //
1305   // Grab the URL string
1306   //
1307   nsAutoString action;
1308   GetAction(action);

code in nsHTMLFormElement::DoSubmit with a GetAttr() call instead might help here...
Comment 6 Mats Palmgren (vacation) 2005-06-25 21:18:55 PDT
Created attachment 187323 [details] [diff] [review]
Patch rev. 1
Comment 7 Johnny Stenback (:jst, jst@mozilla.com) 2005-06-27 17:28:36 PDT
Shouldn't <form> behave the same way <form action=""> does? If so, the rv ==
NS_CONTENT_ATTR_HAS_VALUE check should go. No?
Comment 8 Hixie (not reading bugmail) 2005-06-27 17:36:52 PDT
yes, <form> should be equivalent to <form action="">.
Comment 9 Mats Palmgren (vacation) 2005-06-27 18:07:10 PDT
Created attachment 187461 [details] [diff] [review]
Patch rev. 2

(In reply to comment #7)
> Shouldn't <form> behave the same way <form action=""> does?

Yes, but GetURIAttr() already does the right thing for this case so the bug is
only for action="". But we can handle them both here if you prefer.

> If so, the rv == NS_CONTENT_ATTR_HAS_VALUE check should go. No?

That would turn *_ERROR into NS_OK.
Comment 10 Johnny Stenback (:jst, jst@mozilla.com) 2005-06-28 11:29:26 PDT
Comment on attachment 187461 [details] [diff] [review]
Patch rev. 2

- In nsHTMLFormElement::GetAction():

+  if (aValue.IsEmpty()) {
+    // Avoid resolving action="" to the base uri, bug 297761.
+    return NS_OK;
+  } else {

Remove the else-after-return.

r+sr=jst with that change.
Comment 11 Mats Palmgren (vacation) 2005-06-28 11:57:00 PDT
Created attachment 187523 [details] [diff] [review]
Patch rev. 3

With last comment addressed.
Comment 12 chris hofmann 2005-06-28 13:24:58 PDT
Comment on attachment 187523 [details] [diff] [review]
Patch rev. 3

a=chofmann
Comment 13 Mats Palmgren (vacation) 2005-06-28 16:46:51 PDT
Checked in to trunk at 2005-06-28 16:22 PDT

-> FIXED

Note You need to log in before you can comment on or make changes to this bug.