Last Comment Bug 42945 - (TITLE) Unclosed or malformed TITLE tag makes page not render
(TITLE)
: Unclosed or malformed TITLE tag makes page not render
Status: VERIFIED FIXED
[need technote]
: compat, helpwanted, testcase, topembed+
Product: Core
Classification: Components
Component: HTML: Parser (show other bugs)
: Trunk
: x86 All
: P1 normal with 2 votes (vote)
: mozilla1.3beta
Assigned To: harishd
: Moied
: Andrew Overholt [:overholt]
Mentors:
: 48793 58677 78137 92255 108889 121531 130950 147972 148044 151821 159425 160137 160183 161889 162804 166029 170276 172006 183260 187146 (view as bug list)
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2000-06-17 21:06 PDT by Matthew Cline
Modified: 2009-08-06 18:41 PDT (History)
27 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments
An HTML file with no closing TITLE tag (150 bytes, text/html)
2000-06-17 21:06 PDT, Matthew Cline
no flags Details
An HTML file with a closing TITLE tag. (158 bytes, text/html)
2000-06-17 21:07 PDT, Matthew Cline
no flags Details
Renders in Netscape 4.7 but not in Mozilla (199 bytes, text/html)
2000-06-18 01:55 PDT, Matthew Cline
no flags Details
Added 'malformed' to summary and attached a simplfied testcase to demonstrate problem with duplicate TITLE element ending tag. (317 bytes, text/html)
2002-10-02 16:17 PDT, Christine Hoffman
no flags Details
Test case with <title/> (140 bytes, text/html)
2002-12-12 20:28 PST, Brett Donald
no flags Details
patch v1.0 (11.09 KB, patch)
2002-12-15 17:03 PST, harishd
no flags Details | Diff | Splinter Review
patch v1.0.1 (11.74 KB, patch)
2002-12-15 17:42 PST, harishd
no flags Details | Diff | Splinter Review
patch v1.1 (12.35 KB, patch)
2002-12-19 14:22 PST, harishd
no flags Details | Diff | Splinter Review
patched with -uw flags - for reviewers (8.61 KB, patch)
2002-12-19 14:27 PST, harishd
no flags Details | Diff | Splinter Review
patch v1.2 [ addresses jst's concern ] (12.54 KB, patch)
2002-12-20 11:07 PST, harishd
hjtoi-bugzilla: review+
jst: superreview+
Details | Diff | Splinter Review

Description Matthew Cline 2000-06-17 21:06:08 PDT
If, in the HEAD part of an HTML file, there is a <TITLE> tag but no
</TITLE> tag, then the page just doesn't render.  I have no clue as to
how Mozilla should actually act, but this doesn't seem like it.

Adding two attachments which are reduced test cases.
Comment 1 Matthew Cline 2000-06-17 21:06:57 PDT
Created attachment 10328 [details]
An HTML file with no closing TITLE tag
Comment 2 Matthew Cline 2000-06-17 21:07:59 PDT
Created attachment 10329 [details]
An HTML file with a closing TITLE tag.
Comment 3 Asa Dotzler [:asa] 2000-06-17 22:37:33 PDT
I don't think that either Nav or IE render a page with an unclosed title tag.
Comment 4 Matthew Cline 2000-06-18 01:54:35 PDT
OK, I did a little more experimenting, and found that Netscape 4.7
will render a non-closed TITLE tag if the opening tag is in the form
of <TITLE="foo bar">.  (I found this example at peapod.com).
I am attaching a modified version of the testcase that should render
in NS 4.7 but not in Mozilla.
Comment 5 Matthew Cline 2000-06-18 01:55:11 PDT
Created attachment 10336 [details]
Renders in Netscape 4.7 but not in Mozilla
Comment 6 Doron Rosenberg (IBM) 2000-06-18 11:12:24 PDT
moving to Parser, even though this is not a real bug, but a NavQuirk issue.
Comment 7 rickg 2000-06-18 15:31:44 PDT
Off to harish for triage, but I'm willing to mark this wontfix for 6.0. Harish?
Comment 8 harishd 2000-06-20 15:42:23 PDT
This is  very low priority bug. Marking LATER.
Comment 9 Cyd 2000-10-31 18:45:39 PST
*** Bug 58677 has been marked as a duplicate of this bug. ***
Comment 10 Cyd 2000-10-31 18:46:12 PST
*** Bug 58677 has been marked as a duplicate of this bug. ***
Comment 11 bsharma 2001-03-02 15:59:55 PST
updated qa contact.
Comment 12 Mats Palmgren (:mats) 2001-04-30 12:04:03 PDT
*** Bug 78137 has been marked as a duplicate of this bug. ***
Comment 13 Boris Zbarsky [:bz] (still a bit busy) 2001-07-25 10:33:28 PDT
*** Bug 92255 has been marked as a duplicate of this bug. ***
Comment 14 Christopher Hoess (gone) 2001-09-18 13:12:48 PDT
Getting rid of LATER.
Comment 15 Boris Zbarsky [:bz] (still a bit busy) 2001-11-07 14:08:57 PST
*** Bug 108889 has been marked as a duplicate of this bug. ***
Comment 16 Boris Zbarsky [:bz] (still a bit busy) 2002-03-14 12:55:51 PST
*** Bug 130950 has been marked as a duplicate of this bug. ***
Comment 17 Boris Zbarsky [:bz] (still a bit busy) 2002-05-30 00:10:23 PDT
*** Bug 148044 has been marked as a duplicate of this bug. ***
Comment 18 rjones 2002-05-30 06:03:11 PDT
*** Bug 147972 has been marked as a duplicate of this bug. ***
Comment 19 R.K.Aa. 2002-07-30 12:40:03 PDT
*** Bug 160137 has been marked as a duplicate of this bug. ***
Comment 20 Heikki Toivonen (remove -bugzilla when emailing directly) 2002-07-30 12:54:06 PDT
This has enough dupes to warrant a fix I think. It looks like it might be some
tool that is producing content like |<title=some stuff here>|. IE6 can handle that.

Anyone willing to work on this while Harish is on sabattical?
Comment 21 R.K.Aa. 2002-07-30 14:40:19 PDT
*** Bug 160183 has been marked as a duplicate of this bug. ***
Comment 22 Jeremy M. Dolan 2002-07-30 15:20:46 PDT
[From the source of the last dupe, which I INVALIDated before RKA duped]

<html>
<body BGCOLOR="YELLOW">
<title="Granny's Speed Shop">

WORST
HTML
*EVER*

If it was at least before the <body> I'd suggest automatically ending <title> at
</body>, but that HTML above DESERVES not to render.

I e-mailed the person listed on the page asking if he had used a tool to produce
the page.
Comment 23 Olav Vitters 2002-08-09 04:45:48 PDT
*** Bug 161889 has been marked as a duplicate of this bug. ***
Comment 24 Olav Vitters 2002-08-15 00:43:20 PDT
*** Bug 162804 has been marked as a duplicate of this bug. ***
Comment 25 Mats Palmgren (:mats) 2002-08-24 08:10:04 PDT
*** Bug 48793 has been marked as a duplicate of this bug. ***
Comment 26 R.K.Aa. 2002-09-01 07:53:19 PDT
*** Bug 166029 has been marked as a duplicate of this bug. ***
Comment 27 Bill Mason 2002-09-07 16:16:25 PDT
*** Bug 167315 has been marked as a duplicate of this bug. ***
Comment 28 Boris Zbarsky [:bz] (still a bit busy) 2002-09-23 11:17:46 PDT
*** Bug 170276 has been marked as a duplicate of this bug. ***
Comment 29 Jerry Baker 2002-09-23 11:27:01 PDT
From bug 170276:

<title>The Straight Dope: Does smoking have any health <em>benefits?</em</title>

causes Mozilla to completely fail. IE6 and NN4 display the page with the title
bar reading "The Straight Dope: Does smoking have any health <em>benefits?</em"
Comment 30 Lloyd Wood 2002-09-23 11:40:31 PDT
I reopened bug 167315 to track the entire page appearing as text in the titlebar
due to an unclosed title tag in body and being a possible DoS.

bug 170276 is, however, not a dup of bug 167315. Having the entire page appear
as text in mozilla's window title is slightly different from mozilla not
displaying anything in the page or titlebar at all.

It's interesting that IE6 and NN4 display bug 170276's html in the title bar,
while mozilla does not, and requires different conditions to show the text in
the titlebar (bug 167315, unclosed title tag in body rather than in head.) 
Comment 31 harishd 2002-09-23 11:44:36 PDT
With this many duplicates may be this should get some attention.
Comment 32 R.K.Aa. 2002-10-01 15:32:53 PDT
*** Bug 172006 has been marked as a duplicate of this bug. ***
Comment 33 Christine Hoffman 2002-10-02 16:05:05 PDT
*** Bug 159425 has been marked as a duplicate of this bug. ***
Comment 34 Christine Hoffman 2002-10-02 16:08:02 PDT
Here are a list of topsites that still have problems due to malformed TITLE
element tags:

http://www-oss.fnal.gov/~mengel/mozbug.html
http://www.gjk.cz/~xkoua01/muzika.html
http://members.tripod.com/~grannys/rx7.html
http://www.straightdope.com/classics/a5_096.html
http://www.hallowquest.com/mantiindex.htm

The bugs for these sites have all be duped to this one.
Comment 35 Christine Hoffman 2002-10-02 16:17:53 PDT
Created attachment 101463 [details]
Added 'malformed' to summary and attached a simplfied testcase to demonstrate problem with duplicate TITLE element ending tag.
Comment 36 Jeremy M. Dolan 2002-10-02 16:23:15 PDT
None of those seem like top 100 sites. Proabably not even top 100,000. Has
anyone even contacted them to ask they fix their error?
Comment 37 Christine Hoffman 2002-10-02 17:06:05 PDT
You're right - removed top100 keyword. CCing Susiew to see if Evangelism wants
to follow on any of them
Comment 38 Andrew Hagen 2002-11-01 13:59:09 PST
*** Bug 121531 has been marked as a duplicate of this bug. ***
Comment 39 Boris Zbarsky [:bz] (still a bit busy) 2002-12-03 10:59:08 PST
*** Bug 183260 has been marked as a duplicate of this bug. ***
Comment 40 Brett Donald 2002-12-12 20:28:19 PST
Created attachment 109196 [details]
Test case with <title/>

doing this also causes document not be rendered: <title/>
Comment 41 Jeremy M. Dolan 2002-12-12 20:54:16 PST
Is <title/> any more valid than no closing tag? People writing XML should be
doing so properly.

In five days, this bug will be two and a half years old. If Mozilla and all
other Gecko browsers have survived all this time without a <title> hack, and no
one's cared enough to attempt a patch in these 900+ days, we mine as well close
this. Somehow, I think users will continue to cope with not being able to view
two Geocities pages that haven't been updated since Netscape 3 was in beta.
Comment 42 Paul 2002-12-13 07:32:39 PST
http://isotopes.lbl.gov/education/parent/U_iso.htm

does not render correctly either. It does render in IE and Netscape.

the page starts starts <title> <u isotopes </title>

The above comment is however a good point. Mozilla is a decent "second browser"
there is probably no reason for it to be able to see all the pages that a
primary browser like IE can see.
Comment 43 johann.petrak@gmail.com 2002-12-13 07:39:53 PST
I have to strongly contradict comment #42.
Mozilla is definitely the primary browser for me and a lot of other people i know.
While the behavior described in this bug is not wrong, being more lenient towards
html errors would simply make it easier for users to browse the web, without
having to resort to other browsers that are more error-tolerant, be they
primary or secondary.
Comment 44 Lloyd Wood 2002-12-13 07:58:39 PST
I have to strongly contradict comment #43.

It's obviously completely unreasonable to expect some hippie feelgood
depending-on-the-community-to-fix-the-bugs-it-reports "open source" giveaway
freebie browser to work as well, robustly, or reliably as a properly-produced
well-marketed professional commercial product like Microsoft's Internet
Explorer. We should all lower our expectations appropriately.

If a complex bug like this one (and related bugs like bug 167315) proves too
hard to think about fixing, you should follow the advice of comment #42 and just
close this bug.

(Paul, I don't think sarcasm translates awfully well for people with English as
a second language.)
Comment 45 Susie Wyshak 2002-12-13 10:12:08 PST
I agree with comment #43 and added nsbeta1 and topembed keywords.

The fact that many non-topsites sites are making this error which has such a
critical result as a blank home page seems like a good case for fixing this in
quirks mode. 
Comment 46 harishd 2002-12-13 11:40:47 PST
This bug should be squashed( way too many duplicates ).
Comment 47 Paul 2002-12-15 10:38:23 PST
to update comment 34, here are the sites from the duplicate bugs that still
don't work (not including sites designed with the sole purpose of showing this bug).

http://www.ssa.gov/survivorplan/ifyou.htm
<title>SSA Retirement Suite</title>
<title=On your own benefits>

http://members.tripod.com/~grannys/rx7.html
<title="foo bar">

http://www.straightdope.com/classics/a5_096.html
<title>foo <em>bar</em</title>

http://www.hallowquest.com/mantiindex.htm
<title>foo bar</title>
<meta[...]<title>

and my favorite
http://isotopes.lbl.gov/education/parent/U_iso.htm
<title> <i foo bar </title>
Comment 48 harishd 2002-12-15 17:03:11 PST
Created attachment 109363 [details] [diff] [review]
patch v1.0

This patch handles almost all the cases except the case in
http://www.straightdope.com/classics/a5_096.html. However, that's a different
bug and should be handled differently.
Comment 49 harishd 2002-12-15 17:42:27 PST
Created attachment 109369 [details] [diff] [review]
patch v1.0.1

Same as patch v1.0 but with minor cleanups.
Comment 50 Michael Buckland 2002-12-18 10:17:34 PST
Discussed in edt.  Plussing.
Comment 51 harishd 2002-12-19 14:22:34 PST
Created attachment 109787 [details] [diff] [review]
patch v1.1

This patch addresses both unclosed and malformed TITLE.
Comment 52 harishd 2002-12-19 14:27:28 PST
Created attachment 109789 [details] [diff] [review]
patched with -uw flags - for reviewers
Comment 53 Johnny Stenback (:jst, jst@mozilla.com) 2002-12-19 23:53:11 PST
Comment on attachment 109789 [details] [diff] [review]
patched with -uw flags - for reviewers

>+      if (!(mFlags & (NS_DTD_FLAG_HAD_FRAMESET | NS_DTD_FLAG_HAD_BODY))) {
>+        // This document is not a frameset document, however, it did not contain
>+        // a body tag either. So, make one!. Note: Body tag is optional per spec..
>+        result = BuildTarget(eHTMLTag_body, eToken_start, aParser, aSink);
>+        NS_ENSURE_SUCCESS(result , result);
>             }
>             if(mFlags & NS_DTD_FLAG_MISPLACED_CONTENT) {
>-              // Create an end table token to flush tokens off the misplaced list...
>-              CHTMLToken* theTableToken=NS_STATIC_CAST(CHTMLToken*,mTokenAllocator->CreateTokenOfType(eToken_end,eHTMLTag_table));
>-              if(theTableToken) {
>-                result=HandleToken(theTableToken,mParser);
>-              }
>+        // Looks like there is an open table Close the table tag
>+        // by building a matching end target rather end table.
>+        result = BuildTarget(eHTMLTag_table, eToken_end, aParser, aSink);

This just doesn't make sense to me. I don't see any code that indicates that
there's an open table here. To me it looks like either this code is wrong, or
this needs a better explanation in the comment. There's a missing period in the
comment too, just before "Close".
Comment 54 harishd 2002-12-20 10:24:40 PST
>This just doesn't make sense to me. I don't see any code that indicates that
>there's an open table here. To me it looks like either this code is wrong, or
>this needs a better explanation in the comment. There's a missing period in the
>comment too, just before "Close"

There is nothing wrong in this code ( may be I should comment it better). If the
MISPLACED flag is set then it indicates that there is an open table in the
misplaced list ( in fact I should probably rename MISPLACED to MISPLACED_TABLE
or something like that ) and hence we have to close the table. In any case I do
understand your concern and will try to come with a slightly different patch to
make those lines in question more readable.

Note: This patch does not change the existing behavior w.r.t misplaced table.
That is, even before this patch we used to create an end table if the MISPLACED
flag was set.
Comment 55 harishd 2002-12-20 11:07:31 PST
Created attachment 109841 [details] [diff] [review]
patch v1.2 [ addresses jst's concern ]
Comment 56 Johnny Stenback (:jst, jst@mozilla.com) 2002-12-21 02:09:39 PST
Comment on attachment 109841 [details] [diff] [review]
patch v1.2 [ addresses jst's concern ]

Ah, gotcha. sr=jst then.

Wanna open a new bug about renaming NS_DTD_FLAG_MISPLACED_CONTENT to
NS_DTD_FLAG_MISPLACED_TABLE then?
Comment 57 Boris Zbarsky [:bz] (still a bit busy) 2002-12-30 08:35:26 PST
*** Bug 187146 has been marked as a duplicate of this bug. ***
Comment 58 harishd 2003-01-03 15:22:52 PST
Fixed.
Comment 59 Andrew Hagen 2003-02-11 19:39:54 PST
*** Bug 151821 has been marked as a duplicate of this bug. ***
Comment 60 Michael Lefevre 2003-04-10 18:10:46 PDT
various test URLs WFM with 2003041009/win2k. verified.

Note You need to log in before you can comment on or make changes to this bug.