Closed Bug 482659 Opened 15 years ago Closed 15 years ago

[FIX]AOL.com/AIM.com inline/attached images don't display

Categories

(Core :: Layout: Images, Video, and HTML Frames, defect, P1)

Product:
Core
Component:
Layout: Images, Video, and HTML Frames
Platform:
x86
All
Type:
defect

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: stephend, Assigned: bzbarsky)

References

(
URL
)

Details

(4 keywords, Whiteboard: [READ comment 55 before commenting])

Attachments

(4 files, 2 obsolete files)

Screenshot of 3.0.6
465.75 KB, image/png
Details
Screenshot of 3.0.7
323.38 KB, image/png
Details
This gives about:blank URIs the loader's base URI
19.95 KB, patch
dcamp
: review+
jst
: superreview+
Details | Diff | Splinter Review
1.9.0 patch with the test commented out
18.18 KB, patch
dveditz
: approval1.9.0.9+
Details | Diff | Splinter Review
Attached image Screenshot of 3.0.6 
Summary: AOL.com/AIM.com attached images aren't displaying inline.

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6 works

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7 fails

Steps to Reproduce:

1. Using the 3.0.7 build, log in to AOL.com or AIM.com
2. Load any email that has an attached, but normally inline-viewable image.

Expected Results:

Image displays

Actual Results:

Broken image icon displays; image is still there in the email content, though.

It's content-type is:

Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="2008_Lexus_IS_F_113_(400x300).jpg"
Content-Type: image/jpeg; name="2008_Lexus_IS_F_113_(400x300).jpg"

Sorry, I don't yet have time for a regression range.
Stephen says this is broken in Shiretoko too. I'll test this more tomorrow, but nominating for a bunch of things so it gets on the radar.
Flags: wanted1.9.0.x+
Flags: blocking1.9.1?
Flags: blocking1.9.0.8?
Version: 1.9.0 Branch → Trunk
(In reply to comment #2)
> Stephen says this is broken in Shiretoko too. I'll test this more tomorrow, but
> nominating for a bunch of things so it gets on the radar.

Yeah, broken in Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-US; rv:1.9.1b4pre) Gecko/20090310 Shiretoko/3.1b4pre, too; I won't belabour you with more screenshots.
Any messages in the error console? (make sure javascript.options.showInConsole is enabled)

Does the problem reproduce if you "Save as Complete" and then load it locally? If so we could pass those files around and wouldn't have to all get AOL mail accounts to test the problem, and whittle it down to a minimal testcase we could stick in the regression testsuite.
It seems that relative urls starting with "/" don't map correctly, that's what is breaking the images on aol, with a full path it works fine. I tested this locally as well, and I'll try to get a testcase up soon.
see bug 482659 for some information (relative URL, page source, image properties)
We'll probably need to block on this since it's now a common issue.
Keywords: common-issue+
(In reply to comment #7)
> see bug 482659 for some information (relative URL, page source, image

This is bug 482659.

--> Core::ImgLib
Component: General → ImageLib
Flags: blocking1.9.1? → blocking1.9.1+
QA Contact: general → imagelib
I meant bug 481674...
imgLoader::LoadImage() is never called for those attached images, so the problem does not lie in imagelib.

(I have a test AOL account whose credentials I will pass out to people who ask. E-mail me privately.)
Component: ImageLib → Layout: Images
QA Contact: imagelib → layout.images
(This problem also appears for AIM Mail accounts, which are freely available and are automatically created for anyone with an AIM account.)
Right. I was just trying to save someone from the (considerable!) annoyance of finding a screen name that is a) memorable and b) not taken. Fwiw, all I had to do to reproduce the bug was send a plain text message with an image as an attachment.
Do we know what regressed this?
Looking at the DOM of the page, it appears that the cause of this is that URL, baseURI, and documentURI are "about:blank" in the message <iframe>'s document.  This is breaking the relative image paths used for attachments.

From a quick scan of the 1.9.0.7 changes, bug 459470 could be related.
Boris, Jonas: Any idea here?
Attached file testcase (obsolete) — 
Thanks Matthew, here's a reduced testcase.
Comment on attachment 367172 [details]
testcase

This is wrong, although that is what shows up on AOL's frame. Bug 436965 is also a possible candidate... I'll try to narrow down some regression range.
Attachment #367172 - Attachment is obsolete: true
I think I nailed the testcase down to this: http://martijn.martijn.googlepages.com/aol_test.htm
This works in Firefox 3.0.6, but doesn't work in Firefox3.0.7.
Yeah, so the key change here for bug 445004 was to change the URI and base URI used for document.written documents. They used to have something to do with the document the function calling document.write() was defined in.  That bug changed it to the document the script is running on (which is not the same thing, in some cases).

I did do some testing of IE's behavior wrt document.write() (see bug 445004 comment 24) and implemented something compatible with that testing.  But perhaps IE has some sort of special-case behavior for situations where the document the script is running on is about:blank...  Martijn, thanks for the testcase.  I'll try to dig into it a bit and see what I can get from it.
OK, I see what's going on.  The javascript: URI itself does have the right base URI here, but at the point when the write() happens the base URI of the subframe really is just about:blank.

On Martijn's testcase, I see the following results:

Safari 3.2.1: shows image
Webkit trunk: does not show image
Opera: does not show image
IE: shows image

Doing more digging now.
Er, I take that back.  On Martijn's testcase, IE7 does NOT show the image.
And I take that back too; if I change the testcase enough (work around IE's bogus handling of <html:button> and its inability to remove the load handler), then the image does show up in IE.

And the key here is that in IE the base URI of the about:blank document is NOT about:blank.  In particular, the image shows up even if I remove the location set from the testcase.  I guess I knew that; see bug 465804 comment 2.  That didn't use to work in Gecko, of course, and I wonder whether the site is using the location set to work around that...  Martijn, do they really just write out the empty string in the original site?
Not completely sure how safe this is, but I think it should be ok; it's aligning us closer to IE on this matter.  This also affects the base URI of window.open("about:blank"), but NOT window.open("").  In IE the latter has the base URI of the opening document.  If desired, I can fix that case too.

biesi says he's ok with the general necko approach and with dcamp doing the review.

jst, what do you think of this in web compat terms?
Assignee: nobody → bzbarsky
Status: NEW → ASSIGNED
Attachment #367278 - Flags: superreview?(jst)
Attachment #367278 - Flags: review?(dcamp)
Setting P1; beta exposure would be afwul nice here.
Blocks: 465804
Priority: -- → P1
Summary: AOL.com/AIM.com inline/attached images don't display → [FIX]AOL.com/AIM.com inline/attached images don't display
Attachment #367278 - Flags: review?(dcamp) → review+
I've verified in my debug build that the patch fixes the AOL mail issue.
I'm a little worried about what new thing this patch will break, but I don't see how we can not un-break the AOL/AIM users we screwed over with 3.0.7 --> blocking1.9.0.8
Flags: blocking1.9.0.8? → blocking1.9.0.8+
Whiteboard: need sr=jst
Attachment #367278 - Flags: superreview?(jst) → superreview+
Pushed http://hg.mozilla.org/mozilla-central/rev/55d159b75f41
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Comment on attachment 367278 [details] [diff] [review]
This gives about:blank URIs the loader's base URI

Requesting branch approval
Attachment #367278 - Flags: approval1.9.0.8?
Depends on: 483748
Right and I didn't notice that this hadn't baked on trunk and so was breaking there too. Totally backed out.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Attachment #367278 - Flags: approval1.9.0.8?
Hmm.  I'd actually run tests on that patch, I thought...

In any case, the problem is stomping on |rv| in the non-nested case in nsAboutProtocolHandler::NewChannel.  Fixed that, and relanded on m-c: http://hg.mozilla.org/mozilla-central/rev/69aa67fe3314
Status: REOPENED → RESOLVED
Closed: 15 years ago15 years ago
Resolution: --- → FIXED
And on 1.9.1: http://hg.mozilla.org/releases/mozilla-1.9.1/rev/780e244b9b8e

The leaks are an interesting question.  I'll look into them; I bet some code somewhere just totally fails to deal with newChannel failing... which we should fix regardless of this bug.
Attached patch 1.9.0 patch (obsolete) — Splinter Review 

        Attachment #367766 -
        Flags: approval1.9.0.8?

    
  
Keywords: fixed1.9.1

    
    

    
  
Ah, the leaks is due to NS_NewChannel assuming that the protocol handler's newChannel didn't touch the out param on failure.  Filed bug 483788 on that.

    
    

    
  
Er, and http://hg.mozilla.org/releases/mozilla-1.9.1/rev/01d135d82e30 to fix the fact that I forgot to qref on 1.9.1.

    
    

    
  
OK, the remaining leak failure was due to bug 483818 being tickled by the test.  Pushed http://hg.mozilla.org/mozilla-central/rev/66e869462475 and http://hg.mozilla.org/releases/mozilla-1.9.1/rev/73236cfcbde9 to disable that part of the test.

    
    

    
  


  

        Attachment #367766 -
        Attachment is obsolete: true

        Attachment #367799 -
        Flags: approval1.9.0.8?

        Attachment #367766 -
        Flags: approval1.9.0.8?

        Attachment #367799 -
        Flags: approval1.9.0.8? → approval1.9.0.8+

    
    

    
  
Comment on attachment 367799 [details] [diff] [review]
1.9.0 patch with the test commented out

Approved for 1.9.0.8, a=dveditz for release-drivers

    
    

    
  
Checked into CVS.
Keywords: fixed1.9.0.8

    
    

    
  
Verified FIXED in 1.9.1 using:

Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-US; rv:1.9.1b4pre) Gecko/20090317 Shiretoko/3.5b4pre

Replacing fixed1.9.1 keyword with verified1.9.1
Keywords: fixed1.9.1verified1.9.1

    
    

    
  
Also verified FIXED on trunk using:

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2a1pre) Gecko/20090317 Minefield/3.6a1pre
Status: RESOLVED → VERIFIED

    
    

    
  
Any idea when this fix will be available to us users?  
I have dropped back to 3.0.6 so that attachments will display, and can't move to 3.0.7 because of this bug.  Thanks.

    
    

    
  
It should be available in the next security update, which is 3.0.8.

    
    

    
  
OK, thanks.   Any idea when that will be?

    
    

    
  
My estimate would be something like approximately 6 weeks.

    
    

    
  
We're targeting a release of Firefox 3.0.8 at or around April 14.

https://wiki.mozilla.org/Releases

    
    

    
  
Wonderful.  Thank you.

    
    

    
  
Verified in 1.9.0.8 with Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.0.8pre) Gecko/2009031904 GranParadiso/3.0.8pre.
Keywords: fixed1.9.0.8verified1.9.0.8

    
    

    
  
As of 3/24/09 the AOL image issue is still unresolved in Firefox 3.0.7

    
    

    
  
This issue will be fixed in Firefox 3.0.8, targeted for release in mid-April.
Whiteboard: [READ comment 55 before commenting]

    
    

    
  
Don't see this any more.
Keywords: common-issue+common-issue-

    
  
Product: Core → Core Graveyard

    
  
Product: Core Graveyard → Core

          You need to log in
          before you can comment on or make changes to this bug.