Closed
Bug 463206
Opened 16 years ago
Closed 16 years ago
SessionStore does not correctly restore text data when subframes are involved
Categories
(Firefox :: Session Restore, defect)
Firefox
Session Restore
Tracking
()
VERIFIED
FIXED
Firefox 3.1b2
People
(Reporter: moz_bug_r_a4, Assigned: zeniko)
Details
(Keywords: verified1.8.1.19, verified1.9.0.5, Whiteboard: [sg:high])
Attachments
(3 files, 3 obsolete files)
|
7.75 KB,
patch
|
dietrich
:
review+
beltzner
:
approval1.9.1b2+
|
Details | Diff | Splinter Review |
|
1.23 KB,
patch
|
Details | Diff | Splinter Review | |
|
1.27 KB,
patch
|
Details | Diff | Splinter Review |
This is fx3/fx2 only.
There are two problems.
1.
http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/browser/components/sessionstore/src/nsSessionStore.js&rev=1.102&mark=1081-1088#1081
http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/browser/components/sessionstore/src/nsSessionStore.js&rev=1.102&mark=1730-1734#1730
When saving text data, "0|1|2|" is used as the id prefix for frames[0][1][2].
But when restoring text data, "2|1|0|" is used as the id prefix for
frames[0][1][2].
2.
http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/browser/components/sessionstore/src/nsSessionStore.js&rev=1.102&mark=1703#1701
SessionStore tries to inject text data of a top-level document into subframes.
|
Reporter | |
Comment 1•16 years ago
|
||
This demonstrates the problem 1.
|
|
Reporter | |
Comment 2•16 years ago
|
||
This demonstrates the problem 2.
|
|
Reporter | |
Comment 3•16 years ago
|
||
This tries to inject text data into http://htmledit.squarefree.com/
|
|
Reporter | |
Comment 4•16 years ago
|
||
This tries to inject text data into http://htmledit.squarefree.com/
|
|
Reporter | |
Comment 5•16 years ago
|
||
testcase 1 and 3 do not work in https:.
|
|
Reporter | |
Comment 6•16 years ago
|
||
This demonstrates the problem 1.
|
|
Reporter | |
Comment 7•16 years ago
|
||
This tries to inject text data into http://htmledit.squarefree.com/
|
||
Updated•16 years ago
|
Flags: blocking1.9.0.5?
Flags: blocking1.8.1.19?
|
Assignee | |
Comment 8•16 years ago
|
||
|
|
Assignee | |
Comment 9•16 years ago
|
||
Attachment #346519 -
Attachment is obsolete: true
Attachment #346522 -
Flags: review?(dietrich)
Attachment #346519 -
Flags: review?
|
|
Assignee | |
Comment 10•16 years ago
|
||
Attachment #346523 -
Flags: review?(dietrich)
|
||
Updated•16 years ago
|
Whiteboard: [sg:high]
|
|
||
Updated•16 years ago
|
Flags: wanted1.9.0.x+
Flags: wanted1.8.1.x+
Flags: blocking1.9.0.5?
Flags: blocking1.9.0.5+
Flags: blocking1.8.1.19?
Flags: blocking1.8.1.19+
|
|
||
Updated•16 years ago
|
Whiteboard: [sg:high] → [sg:high][needs r dietrich]
|
||
Comment 11•16 years ago
|
||
Comment on attachment 346522 [details] [diff] [review]
trunk patch (for legacy routines) and tests
r=me
Attachment #346522 -
Flags: review?(dietrich) → review+
|
|
||
Comment 12•16 years ago
|
||
Comment on attachment 346523 [details] [diff] [review]
branch patch
>Index: browser/components/sessionstore/src/nsSessionStore.js
>===================================================================
>RCS file: /cvsroot/mozilla/browser/components/sessionstore/src/nsSessionStore.js,v
>retrieving revision 1.102
>diff -u -8 -d -p -r1.102 nsSessionStore.js
>--- browser/components/sessionstore/src/nsSessionStore.js 24 Oct 2008 20:33:25 -0000 1.102
>+++ browser/components/sessionstore/src/nsSessionStore.js 5 Nov 2008 21:06:57 -0000
>@@ -1054,16 +1054,20 @@ SessionStoreService.prototype = {
> _saveTextData: function sss_saveTextData(aPanel, aTextarea) {
> var id = aTextarea.id ? "#" + aTextarea.id :
> aTextarea.name;
> if (!id
> || !(aTextarea instanceof Ci.nsIDOMHTMLTextAreaElement
> || aTextarea instanceof Ci.nsIDOMHTMLInputElement && aTextarea.type != "password")) {
> return false; // nothing to save
> }
>+ if (/^(?:\d+\|)+/.test(id)) {
>+ // text could be restored into a subframe, so skip it (see bug 463206)
>+ return false;
>+ }
>
> if (!aPanel.__SS_text) {
> aPanel.__SS_text = [];
> aPanel.__SS_text._refs = [];
> }
>
> // get the index of the reference to the text element
> var ix = aPanel.__SS_text._refs.indexOf(aTextarea);
>@@ -1695,17 +1699,17 @@ SessionStoreService.prototype = {
> // wait for the top frame to be loaded completely
> if (!aEvent || !aEvent.originalTarget || !aEvent.originalTarget.defaultView || aEvent.originalTarget.defaultView != aEvent.originalTarget.defaultView.top) {
> return;
> }
>
> var textArray = this.__SS_restore_text ? this.__SS_restore_text.split(" ") : [];
> function restoreTextData(aContent, aPrefix) {
> textArray.forEach(function(aEntry) {
>- if (/^((?:\d+\|)*)(#?)([^\s=]+)=(.*)$/.test(aEntry) && (!RegExp.$1 || RegExp.$1 == aPrefix)) {
>+ if (/^((?:\d+\|)*)(#?)([^\s=]+)=(.*)$/.test(aEntry) && RegExp.$1 == aPrefix) {
> var document = aContent.document;
> var node = RegExp.$2 ? document.getElementById(RegExp.$3) : document.getElementsByName(RegExp.$3)[0] || null;
> if (node && "value" in node) {
> node.value = decodeURI(RegExp.$4);
>
> var event = document.createEvent("UIEvents");
> event.initUIEvent("input", true, true, aContent, 0);
> node.dispatchEvent(event);
>@@ -1724,17 +1728,17 @@ SessionStoreService.prototype = {
> }
> }, 0, aData.innerHTML);
> }
> if (aData.scroll && /(\d+),(\d+)/.test(aData.scroll)) {
> aContent.scrollTo(RegExp.$1, RegExp.$2);
> }
> for (var i = 0; i < aContent.frames.length; i++) {
> if (aData.children && aData.children[i]) {
>- restoreTextDataAndScrolling(aContent.frames[i], aData.children[i], i + "|" + aPrefix);
>+ restoreTextDataAndScrolling(aContent.frames[i], aData.children[i], aPrefix + i + "|");
> }
> }
> }
>
> var content = aEvent.originalTarget.defaultView;
> if (this.currentURI.spec == "about:config") {
> // unwrap the document for about:config because otherwise the properties
> // of the XBL bindings - as the textbox - aren't accessible (see bug 350718)
Attachment #346523 -
Flags: review?(dietrich) → review+
|
|
||
Updated•16 years ago
|
Whiteboard: [sg:high][needs r dietrich] → [sg:high]
|
|
Assignee | |
Updated•16 years ago
|
|
|
||
Comment 13•16 years ago
|
||
Comment on attachment 346522 [details] [diff] [review]
trunk patch (for legacy routines) and tests
requesting a= for b2 due to the sg:high.
Attachment #346522 -
Flags: approval1.9.1b2?
|
||
Updated•16 years ago
|
Attachment #346522 -
Flags: approval1.9.1b2? → approval1.9.1b2+
|
|
||
Comment 14•16 years ago
|
||
Comment on attachment 346522 [details] [diff] [review]
trunk patch (for legacy routines) and tests
a=beltzner, sound rationale
|
|
||
Updated•16 years ago
|
Whiteboard: [sg:high] → [sg:high][has review][has approval]
Target Milestone: --- → Firefox 3.1b2
|
|
||
Comment 15•16 years ago
|
||
Simon, is 1.8.1 branch affected? If so, can you make a patch for that as well?
|
|
Assignee | |
Comment 16•16 years ago
|
||
Attachment #347822 -
Flags: approval1.8.1.18?
|
|
Assignee | |
Updated•16 years ago
|
Attachment #347822 -
Flags: approval1.8.1.18? → approval1.8.1.19?
|
|
||
Updated•16 years ago
|
Attachment #347822 -
Flags: approval1.8.1.19? → approval1.8.1.19+
|
|
||
Comment 17•16 years ago
|
||
Comment on attachment 347822 [details] [diff] [review]
branch patch (1.8.1)
Approved for 1.8.1.18, a=dveditz for release-drivers
|
|
||
Comment 18•16 years ago
|
||
Comment on attachment 346523 [details] [diff] [review]
branch patch
Approved for 1.9.0.5, a=dveditz for release-drivers
Attachment #346523 -
Flags: approval1.9.0.5+
|
||
Comment 19•16 years ago
|
||
Trunk patch pushed to mozilla-central: http://hg.mozilla.org/mozilla-central/rev/5e1a889aad0e
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
|
|
||
Comment 20•16 years ago
|
||
Can we get this landed in 1.9.0 and 1.8.1? I don't think this is part of the roll up patch...
|
|
Assignee | |
Comment 21•16 years ago
|
||
That's the only bit that I embarrassingly forgot to include in the roll-up patch.
Attachment #346523 -
Attachment is obsolete: true
|
|
Assignee | |
Comment 22•16 years ago
|
||
Attachment #347822 -
Attachment is obsolete: true
|
|
Assignee | |
Comment 23•16 years ago
|
||
I'll need somebody to land these patches for me, though. Thanks in advance!
|
||
Comment 24•16 years ago
|
||
Comment on attachment 349067 [details] [diff] [review]
[checked in] 1.9 branch patch
Checked in on branch. (looks like the rest of this previously landed as bug 464620)
Checking in browser/components/sessionstore/src/nsSessionStore.js;
new revision: 1.107; previous revision: 1.106
Attachment #349067 -
Attachment description: 1.9 branch patch → [checked in] 1.9 branch patch
|
|
||
Updated•16 years ago
|
Keywords: fixed1.9.0.5
|
|
||
Comment 25•16 years ago
|
||
Comment on attachment 349068 [details] [diff] [review]
[checked in] 1.8.1 branch patch
Checked in on 1.8 branch. (looks like the rest of this previously landed as bug
464620)
Checking in browser/components/sessionstore/src/nsSessionStore.js;
new revision: 1.5.2.54; previous revision: 1.5.2.53
Attachment #349068 -
Attachment description: 1.8.1 branch patch → [checked in] 1.8.1 branch patch
|
|
||
Updated•16 years ago
|
Keywords: checkin-needed → fixed1.8.1.19
Whiteboard: [sg:high][has review][has approval] → [sg:high]
|
||
Comment 26•16 years ago
|
||
Verified for 1.8.1.19 with Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.19pre) Gecko/2008112503 BonEcho/2.0.0.19pre.
Verified for 1.9.0.5 with Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5pre) Gecko/2008112505 GranParadiso/3.0.5pre.
Verified for trunk with Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b2pre) Gecko/20081123 Minefield/3.1b2pre.
Status: RESOLVED → VERIFIED
|
|
||
Updated•15 years ago
|
Group: core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•