Closed Bug 504941 Opened 15 years ago Closed 15 years ago

[HTML5]Unclosed comment inside <script> causes page to appear blank

Categories

(Core :: DOM: HTML Parser, defect, P1)

x86
All
defect

Tracking

()

RESOLVED DUPLICATE of bug 503632
mozilla1.9.2a1

People

(Reporter: pr11t, Unassigned)

References

()

Details

(Keywords: testcase)

Attachments

(1 file)

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2a1pre) Gecko/20090717 Minefield/3.6a1pre
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2a1pre) Gecko/20090717 Minefield/3.6a1pre

Details

Reproducible: Always

Steps to Reproduce:
1.about:config set HTML5 to true
2.close Minefield and go to SafeMode
3.open up webpage http://www.aerosnap.de.vu/
Actual Results:  
Page was Blank - White - Empty

Expected Results:  
Webpage should had been shown even in HTML5 enabled
Safemode should had disregard non-default value HTML5 - True to False

Using Windows 7 and Official Minefield Build 20090718
OS: Windows 7 → All
Confirming and setting new:

Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2a1pre) Gecko/20090717 Minefield/3.6a1pre (.NET CLR 3.5.30729) ID:20090717120342 <latest hourly available
Status: UNCONFIRMED → NEW
Component: General → HTML: Parser
Ever confirmed: true
Product: Firefox → Core
QA Contact: general → parser
Summary: Summary → [HTML5] Aerosnap.de.vu loads blank page
Target Milestone: --- → mozilla1.9.2a1
Version: unspecified → Trunk
It's actually the frame http://aerosnap.de/ that incorrectly shows up blank.
Attached file reduced testcase
Blank only with HTML5 parser enabled.
Keywords: testcase
Summary: [HTML5] Aerosnap.de.vu loads blank page → Unclosed comment inside <script> causes page to appear blank
See also bug 503632.  Based on the direction that discussion is going, I'm not marking this as a dup.
Depends on: 503632
Summary: Unclosed comment inside <script> causes page to appear blank → [HTML5]Unclosed comment inside <script> causes page to appear blank
Depends on: 508075
I don't see a way to fix this without reparsing. If the problem is rare, I think WONTFIX plus evang is the right solution. If the problem is common, we have a serious issue with a fundamental design constraint of the spec.
What design constraint is that?  Why does <!-- inside <script> need to be treated as anything at all?
<!-- needs magic treatment inside script to mask document.write("</script>");

<script><!--
...
document.write("<script src='foo'></script>");
...
--></script>

The design constraint I meant was the constraint not to do reparsing, because reparsing would change the executability characteristics of pieces of the page if an attacker can force a premature end of file.
Note to people who are searching for dupes before filing bugs:
If you see this in the wild, please note the URL of the page here.
Interesting!  I guess strings in scripts must have "<!--", "-->", and "</script" escaped to avoid XSS, depending on whether the script already has a "<!--" and the browser version.  I used to think escaping "/" as "\/" and escaping the string delimiter was enough.

I like the no-reparsing constraint, though.
I wrote up a relatively radical proposal for a fix:
http://wiki.whatwg.org/wiki/CDATA_Escapes
Priority: -- → P1
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: