[HTML5]Unclosed comment inside <script> causes page to appear blank

RESOLVED DUPLICATE of bug 503632

Status

Product: Core
Component: HTML: Parser
Priority: P1
Severity: normal
8 years ago
7 years ago

People

(Reporter: Priit Uring, Unassigned)

Tracking

Version: Trunk
Target Milestone: mozilla1.9.2a1
Hardware: x86
OS: All
Keywords: testcase

Description

8 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2a1pre) Gecko/20090717 Minefield/3.6a1pre
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2a1pre) Gecko/20090717 Minefield/3.6a1pre

Details

Reproducible: Always

Steps to Reproduce:
1. about:config set HTML5 to true
2. Close Minefield and go to Safe Mode
3. Open up webpage http://www.aerosnap.de.vu/
Actual Results:  
Page was Blank - White - Empty

Expected Results:  
Webpage should have been shown even with HTML5 enabled
Safe Mode should have disregarded the non-default value HTML5 - True to False

Using Windows 7 and Official Minefield Build 20090718
(Reporter)

Updated

8 years ago
OS: Windows 7 → All
Confirming and setting new:

Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2a1pre) Gecko/20090717 Minefield/3.6a1pre (.NET CLR 3.5.30729) ID:20090717120342 <latest hourly available
Status: UNCONFIRMED → NEW
Component: General → HTML: Parser
Ever confirmed: true
Product: Firefox → Core
QA Contact: general → parser
Summary: Summary → [HTML5] Aerosnap.de.vu loads blank page
Target Milestone: --- → mozilla1.9.2a1
Version: unspecified → Trunk

Comment 2

8 years ago
It's actually the frame http://aerosnap.de/ that incorrectly shows up blank.

Comment 3

8 years ago
Created attachment 389243 [details]
reduced testcase

Blank only with HTML5 parser enabled.

Updated

8 years ago
Keywords: testcase

Updated

8 years ago
Summary: [HTML5] Aerosnap.de.vu loads blank page → Unclosed comment inside <script> causes page to appear blank

Comment 4

8 years ago
See also bug 503632.  Based on the direction that discussion is going, I'm not marking this as a dup.
Depends on: 503632
Summary: Unclosed comment inside <script> causes page to appear blank → [HTML5]Unclosed comment inside <script> causes page to appear blank
Blocks: 373864
Depends on: 508075
I don't see a way to fix this without reparsing. If the problem is rare, I think WONTFIX plus evang is the right solution. If the problem is common, we have a serious issue with a fundamental design constraint of the spec.

Comment 6

8 years ago
What design constraint is that?  Why does <!-- inside <script> need to be treated as anything at all?

<!-- needs magic treatment inside script to mask document.write("</script>");

<script><!--
...
document.write("<script src='foo'></script>");
...
--></script>

The design constraint I meant was the constraint not to do reparsing, because reparsing would change the executability characteristics of pieces of the page if an attacker can force a premature end of file.

Note to people who are searching for dupes before filing bugs:
If you see this in the wild, please note the URL of the page here.

Comment 9

8 years ago
Interesting!  I guess strings in scripts must have "<!--", "-->", and "</script" escaped to avoid XSS, depending on whether the script already has a "<!--" and the browser version.  I used to think escaping "/" as "\/" and escaping the string delimiter was enough.

I like the no-reparsing constraint, though.

I wrote up a relatively radical proposal for a fix:
http://wiki.whatwg.org/wiki/CDATA_Escapes
Priority: -- → P1
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 503632
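
Added example (not part of the bug thread and not Mozilla code): Comment 9's escaping point, shown as a check over a string that is about to be embedded in an inline script. The helper names and the sample string are constructed for illustration, and the hardened encoder is one common approach, not a method named in the thread.

```javascript
// Added example: helper names and the sample string are constructed.
// Sequences the thread names as changing how a <script> body is tokenized.
const RISKY = [
  ['<!--', /<!--/],
  ['-->', /-->/],
  ['</script', /<\/script/i],
];

// List the risky sequences still present in text destined for a <script> body.
function riskySequences(text) {
  return RISKY.filter(([, re]) => re.test(text)).map(([name]) => name);
}

// What Comment 9 says used to seem sufficient: escape the backslash,
// the string delimiter and "/". Line terminators are out of scope here.
function naiveJsString(value) {
  return '"' + value.replace(/[\\"\/]/g, (c) => '\\' + c) + '"';
}

// Hardened variant (an assumption, one common approach): JSON-encode, then
// turn <, >, & and U+2028/U+2029 into \uXXXX escapes so the literal cannot
// contain "<!--", "-->" or "</script" whatever the parser or its version.
function safeJsString(value) {
  return JSON.stringify(value).replace(
    /[<>&\u2028\u2029]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0')
  );
}

// Constructed sample: untrusted data headed for an inline script.
const sample = 'x<!--<script>y</script>-->z';

function demo() {
  return {
    naive: riskySequences(naiveJsString(sample)),
    safe: riskySequences(safeJsString(sample)),
    roundTrips: JSON.parse(safeJsString(sample)) === sample,
  };
}

console.log(demo());
```

The naive encoder neutralizes "</script" by escaping "/", but leaves "<!--" and "-->" in the output; the hardened one leaves none and still decodes to the original string.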