User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2a1pre) Gecko/20090717 Minefield/3.6a1pre
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2a1pre) Gecko/20090717 Minefield/3.6a1pre
Steps to Reproduce:
1.about:config set HTML5 to true
2.close Minefield and go to SafeMode
3.open up webpage http://www.aerosnap.de.vu/
Page was Blank - White - Empty
Webpage should had been shown even in HTML5 enabled
Safemode should had disregard non-default value HTML5 - True to False
Using Windows 7 and Official Minefield Build 20090718
Confirming and setting new:
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2a1pre) Gecko/20090717 Minefield/3.6a1pre (.NET CLR 3.5.30729) ID:20090717120342 <latest hourly available
It's actually the frame http://aerosnap.de/ that incorrectly shows up blank.
Created attachment 389243 [details]
Blank only with HTML5 parser enabled.
See also bug 503632. Based on the direction that discussion is going, I'm not marking this as a dup.
I don't see a way to fix this without reparsing. If the problem is rare, I think WONTFIX plus evang is the right solution. If the problem is common, we have a serious issue with a fundamental design constraint of the spec.
What design constraint is that? Why does <!-- inside <script> need to be treated as anything at all?
<!-- needs magic treatment inside script to mask document.write("</script>");
The design constraint I meant was the constraint not to do reparsing, because reparsing would change the executability characteristics of pieces of the page if an attacker can force a premature end of file.
Note to people who are searching for dupes before filing bugs:
If you see this in the wild, please note the URL of the page here.
Interesting! I guess strings in scripts must have "<!--", "-->", and "</script" escaped to avoid XSS, depending on whether the script already has a "<!--" and the browser version. I used to think escaping "/" as "\/" and escaping the string delimiter was enough.
I like the no-reparsing constraint, though.
I wrote up a relatively radical proposal for a fix:
*** This bug has been marked as a duplicate of bug 503632 ***