Closed
Bug 299088
Opened 20 years ago
Closed 19 years ago
certain href values cause failure accessing hash property (and render with wrong style)
Categories
(Core :: DOM: Core & HTML, defect)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
FIXED
mozilla1.9alpha1
People
(Reporter: ytpete, Assigned: bzbarsky)
Details
Attachments
(2 files, 1 obsolete file)
|
861 bytes,
text/html
|
Details | |
|
4.41 KB,
patch
|
sicking
:
review+
jst
:
superreview+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4 If a link's href contains both a space and a protocol that Moz/FF knows about, two problems occur: a) It is not rendered in the link style b) Attempting to access the DOM node's hash property results in a failure code The same two problems arise if the href is not specified at all. Reproducible: Always Steps to Reproduce: See testcase Actual Results: The way links 1,3,4,8 behave: 1. Links are black, not underlined, no 'hand' cursor. DOM Inspector shows that none of the usual browser CSS is being applied. The link is still draggable, however. 2. Trying to access the link node's hash property via JavaScript gives "Component returned failure code: 0x804b000a [nsIDOMNSHTMLAnchorElement.hash]" nsresult: "0x804b000a (<unknown>)" Expected Results: The way the other links behave: 1. Links are blue, underlined, with 'hand' cursor 2. Accessing the hash property does not throw an exception Reproduced on: Firefox 1.0.4/WinXP, Mozilla 1.7.3/WinXP, and Mozilla 1.5/Linux
|
Reporter | |
Comment 1•20 years ago
|
||
|
|
Reporter | |
Comment 2•20 years ago
|
||
Ack, sorry. This is the version I meant to upload. Links 1,2,4,5,9 show the problem and 3,6,7,8 work as expected.
Attachment #187592 -
Attachment is obsolete: true
|
Assignee | |
Comment 3•19 years ago
|
||
Those are not styled as links because they are not links -- that string is not a valid URI for those schemes, so clicking on the "link" would do nothing. Given that, we should't be showing this random text to the user as a link. Similarly, if there is no reasonable href, there is no hash. I suppose we could return the empty string instead of throwing, though. jst, sicking, peterv, thoughts?
Three things jump out as wrong. 1. I agree we should probably return an empty string rather then throwing 2. Seems like we try to actually load even broken uri and then fail somewhere along the line in a security check. We should probably do nothing when clicking on a link with a bad uri. 3. Why are 6 and 7 styled as links when the other bad links are not?
|
|
Assignee | |
Comment 5•19 years ago
|
||
> 2. Seems like we try to actually load even broken uri and then fail somewhere > along the line in a security check. Actually, no. We aren't trying to load anything. Chrome does some sort of stuff with the click event for some reason (since chrome doesn't bother checking whether this is a real link; that would be too sensible; it just goes by the localname). So it calls CheckLoadURIStr, which throws because newURI() on that string throws. Chrome is kinda dumb and assumes any error from CheckLoadURIStr means a security error. Should probably file a separate bug on it. > 3. Why are 6 and 7 styled as links when the other bad links are not? 6 because it's an unknown protocol, so we don't know what the rules for URIs in that scheme are. 7 looks like a necko bug. Again, should be filed separately. Sicking, basically the link is only a link if we can create an nsIURI for it. It's that simple.
|
|
Assignee | |
Comment 6•19 years ago
|
||
> 7 looks like a necko bug. Again, should be filed separately.
I was wrong here. Spaces are allowed in URIs, just not in the hostname of hierarchical URIs.
So the only thing we should really change here is that the hash access should not throw.|
|
Assignee | |
Comment 7•19 years ago
|
||
Oh, and see bug 229700 for the styling issue.
(In reply to comment #6) > > 7 looks like a necko bug. Again, should be filed separately. > > I was wrong here. Spaces are allowed in URIs, just not in the hostname of > hierarchical URIs. Shouldn't spaces be escaped as %20? Confirming the bug to fix the throw issue. The same issue probably exists trying to access the other parts of the uri.
Status: UNCONFIRMED → NEW
Ever confirmed: true
|
|
Assignee | |
Comment 9•19 years ago
|
||
> Shouldn't spaces be escaped as %20?
They're not allowed in the hostname, period. Escaped or not.|
|
Assignee | |
Comment 10•19 years ago
|
||
Attachment #202176 -
Flags: superreview?(jst)
Attachment #202176 -
Flags: review?(bugmail)
No, i ment, shouldn't 7 be written as href="a%20b"? I.e. that spaces should be escaped where they are allowed?
Comment on attachment 202176 [details] [diff] [review] Like so I'd be fine with always returning NS_OK when NS_NewURI fails. r=me either way
Attachment #202176 -
Flags: review?(bugmail) → review+
|
|
Assignee | |
Comment 13•19 years ago
|
||
> No, i ment, shouldn't 7 be written as href="a%20b"?
In theory... in practice, enforcing that breaks sites. :(
|
||
Comment 14•19 years ago
|
||
Comment on attachment 202176 [details] [diff] [review] Like so sr=jst
Attachment #202176 -
Flags: superreview?(jst) → superreview+
|
|
Assignee | |
Updated•19 years ago
|
Assignee: general → bzbarsky
Target Milestone: --- → mozilla1.9alpha
|
|
Assignee | |
Comment 15•19 years ago
|
||
Fixed.
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•