517687 - JavaScript Security Error on Search Results Page

Status: VERIFIED FIXED

(addons.mozilla.org Graveyard :: Search, defect)

Description

[DS]

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)
Build Identifier: 

Sorry about that summary. :)
When searching at AMO the "Search for Add-ons" properly disappears when you click on the search box.  However, "Search for Add-ons" and the search term you used get mashed up on the results page.

See attached image.

See http://forums.mozillazine.org/viewtopic.php?f=48&t=1490845 for more information.

Reproducible: Always

Steps to Reproduce:
1.Go to the AMO home page and search for something
2.Click on the search button
3.
Actual Results:  
Results page has both the search term and "Search for Add-ons" mashed up in the search box.

Expected Results:  
Seeing only the search term.

Same things happens when viewing the page in safe mode.

See http://forums.mozillazine.org/viewtopic.php?f=48&t=1490845 for more information.

Comment 1

[DS]

Attachment: Image showing the problem

Comment 2

[Milos Dinic [:Milos]]

I can't reproduce it on Fx 3.5.3, Linux x86_64. Maybe someone else can.

Comment 3

[Ken Saunders]

I can reproduce this in Vista

Comment 4

[Ken Saunders]

Attachment: AMO search field

Comment 5

[PL]

I also can reproduce it.

Vista Home Premium SP2 - Fx 3.5.3

Comment 6

[Sebastian Hengst [:aryx] (needinfo me if it's about an intermittent or backout)]

Dupe of bug 476953?

Comment 7

[DS]

Yep.  I think you are right.

Comment 8

[Dave Garrett]

Yeah, compare screenshots:
bug 476953 -> attachment 360600 [details]
bug 515373 -> attachment 399481 [details]
this bug   -> attachment 401636 [details]

Initial label isn't going away. New skin, same bug.

Comment 9

[Fred Wenzel [:wenzel]]

This is not the same as bug 476953, reopening. Anyone have some info from their JS error console? I get a security error, but I cannot reproduce on a clean profile, so I am suspecting one of my add-ons is at fault.

Comment 10

[Wil Clouser [:clouserw]]

We need errors or a way to reproduce this to fix it.

Comment 11

[DS]

This is the error I get.

Error: uncaught exception: [Exception... "Security error"  code: "1000" nsresult: "0x805303e8 (NS_ERROR_DOM_SECURITY_ERR)"  location: "https://addons.mozilla.org/js/amo2009/collections.js Line: 144"]

I also get a number of warnings, mostly to "(some item)-radius" being dropped.

None radius warnings (in order)

Warning: Error in parsing value for 'filter'.  Declaration dropped.
Source File: https://addons.mozilla.org/css/amo2009/style.min.css?52492
Line: 1

Warning: Error in parsing value for 'display'.  Declaration dropped.
Source File: https://addons.mozilla.org/css/amo2009/style.min.css?52492
Line: 1 (Twice)

Warning: Unknown property 'box-orient'.  Declaration dropped.
Source File: https://addons.mozilla.org/css/amo2009/style.min.css?52492
Line: 1

Warning: Unknown property 'box-align'.  Declaration dropped.
Source File: https://addons.mozilla.org/css/amo2009/style.min.css?52492
Line: 1

Warning: Unknown property 'box-flex'.  Declaration dropped.
Source File: https://addons.mozilla.org/css/amo2009/style.min.css?52492
Line: 1

Warning: Unknown pseudo-class or pseudo-element 'first'.
Source File: https://addons.mozilla.org/en-US/firefox/search?q=toolbars&cat=all
Line: 0

Comment 13

[Jeff Balogh (:jbalogh)]

Please post your browser info and installed add-ons if you can reproduce this error.  I haven't ever seen it, which makes fixing the problem kind of difficult.

Comment 14

[Fred Wenzel [:wenzel]]

My list of activated add-ons is (sorry, long):
- Adblock Plus
- Add-on Collector
- CacheViewer
- ColorZilla
- Delicious Bookmarks
- DownThemAll
- Firebug
- Firefox PDF Plugin for Mac OS X
- ForecastFox
- GCal Popup
- Greasemonkey
- Jetpack
- Locationbar^2
- Mass Password Reset
- Personas
- Pixlr
- ReloadEvery
- Shorten URL
- StumbleUpon
- Tamper Data
- Textarea Cache
- URL Fixer
- User Agent Switcher
- Weave
- Web Developer (Toolbar)

If other affected people do the same, we might be able to nail down the likely culprit (or combination of them). Again, it doesn't happen to me on a fresh profile, just on my day-to-day one.

Comment 15

[DS]

BBCodeXtra 0.2.5.6
Clippings 3.1
Crash Report Helper 1.1
DownloadHelper 4.6.4
Greasemonkey 0.8.20090920.2
Nightly Tester Tools 2.0.2
NoScript 1.9.9.11
pwgen 0.2 [DISABLED]
Silvermel and Charamel XT 1.3.0
Toggle Private Browsing 1.8
US Department of Homeland Insecurity Idiocy Level 0.1.2.4.44wot001
User Agent Switcher 0.7.2
Vacuum Places Improved 1
Web2PDF converter 1.0

Theme: Silvermel

However, as noted in the first post the same thing happens in safe mode.

Comment 16

[Ken Alcock]

I can also confirm this behavior.
----------------------------------------
Web Page: Add-ons for Firefox
URL: https://addons.mozilla.org/en-US/firefox/
----------------------------------------

STEPS TO REPRODUCE:
----------------------------------------
01. Load the url: https://addons.mozilla.org/en-US/firefox/.
EXPECTED: The search terms field displays the text: "search for add-ons".
RESULTS: Same as EXPECTED -- CORRECT.

02. Click in the search terms field to enter search terms.
EXPECTED: The text: "search for add-ons" disappears and the field appears
empty.
RESULTS: Same as EXPECTED -- CORRECT.

03. Type search terms (say "Dictionary") in the search terms field.
EXPECTED: The typed text: "Dictionary" appears in the search terms field.
RESULTS: Same as EXPECTED -- CORRECT.

04. Execute the search by clicking the green button with white arrow.

EXPECTED:
A. The search results page displays all add-ons related to "Dictionary". 
B. The previous search terms: "Dictionary" appears in the search terms field.

RESULTS:
A. Same as EXPECTED -- CORRECT.
B. The previous search terms: "Dictionary" appears in the search terms field
but it is overlaid by the text: "search for add-ons" -- INCORRECT.

05. Click in the search terms field to enter search terms.
EXPECTED: The text: "search for add-ons" disappears and the blank appears
empty.
RESULTS: The previous search terms: "Dictionary" appears in the search terms
field but it is overlaid by the text: "search for add-ons" -- INCORRECT.

06. Type new search terms (say "RSS Feeds") in the search terms field.
EXPECTED: The typed text: "RSS Feeds" appears in the search terms field.
RESULTS: The new search terms: "RSS Feeds" appears in the search terms field
but it is overlaid by the text: "search for add-ons" -- INCORRECT.
----------------------------------------

MY CONFIG INFO
----------------------------------------
Generated: Fri Oct 23 2009 02:03:27 GMT-0400 (Eastern Daylight Time)
User Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)
Build ID: 20090824101458

Enabled Extensions: [36]
- Adblock Plus 1.1.1
- Add to Search Bar 1.8
- All-in-One Sidebar 0.7.10
- BetterPrivacy 1.29
- Cache Status 0.7.9
- CacheViewer 0.6
- CLEO 4.2
- CodeBurner for Firefox 1.0
- ColorfulTabs 3.9.4
- Colour Contrast Analyser 1.3
- CoLT 2.4.5
- DOM Inspector 2.0.3
- FEBE 6.2
- Feed Sidebar 4.1.1
- Firebug 1.4.3
- Flashblock 1.5.11.2
- FoxTab 1.2.1
- Html Validator 0.8.5.8
- IDM CC 6.4
- IE Tab 1.5.20090525
- Java Console 6.0.16
- keyconfig 20080929
- MeasureIt 0.3.9
- Microsoft .NET Framework Assistant 0.0.0
- MR Tech Toolkit 6.0.3.4
- Nuke Anything Enhanced 1.0.2
- Open In RegEdit 0.1.2.4
- OPIE 1.2.3
- OPML Support 1.5.4
- PlainOldFavorites 1.0.3
- QuickDrag 2.0.2.1
- ScrapBook 1.3.5
- Tab Mix Plus 0.3.7.4pre.090726
- Web Developer 1.1.8
- Xmarks 3.3.3
- Yahoo! Toolbar 1.6.6.20090220

Installed Themes: [1]
- Default: http://www.mozilla.org/

Installed Plugins: (18)
- 2007 Microsoft Office system Plugin for Netscape Navigator
- Adobe PDF Plug-In For Firefox and Netscape
- BitTorrent Plugin 1
- DNA Plug-in (Delivery Network Acceleration by BitTorrent™)
- IE Tab Plug-in for Mozilla/Firefox
- Java Deployment Toolkit 6.0.160.1 NPRuntime Script Plug-in Library
- Java(TM) Platform SE Plug-in 1.6.0_16 for Mozilla browsers
- Microsoft Office Live Plug-in for Firefox v1.3
- Microsoft® Windows Media Player Firefox Plugin (np-mswmp)
- Mozilla Default Plug-in
- QuickTime Plug-in 7.6.2
- RealPlayer Version Plugin v6.0.12.448
- RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) 
- Shockwave Flash v10.0 r32
- Adobe Shockwave for Director Netscape plug-in, v11.5
- Silverlight Plug-In v3.0.40818.0
- Windows Genuine Advantage v1.9.0009.1
- Windows Live® Photo Gallery (NPWLPG)
----------------------------------------

Comment 17

[Ken Alcock]

Attachment: Screen grab like others see

For me, this occurs only after first search (before first search works as expected).

Comment 18

[Fred Wenzel [:wenzel]]

I think I found the problem: in about:config, there's an option dom.storage.enabled, which for me was set to false. I don't know why -- there is probably an extension that did that without my knowledge. Anyway, if you right-click that and choose "reset", which will reenable the feature, it'll work again.

Comment 19

[Fred Wenzel [:wenzel]]

Cheng: Do you think we should write a SUMO article about this? It's a problem that'll occur on any website using local storage, if storage is disabled.

Also, I think it's a client bug. Let me file this.

Comment 20

[Fred Wenzel [:wenzel]]

I added a try/catch block to avoid the fatal error in r55923. Fixing the client is bug 527970.

Comment 21

[PL]

(In reply to comment #18)
> I think I found the problem: in about:config, there's an option
> dom.storage.enabled, which for me was set to false. I don't know why -- there
> is probably an extension that did that without my knowledge. Anyway, if you
> right-click that and choose "reset", which will reenable the feature, it'll
> work again.

Yup!  Solved the problem.  Great work!

Just curious now on which extension disabled it.

Comment 22

[DS]

The actual visual problem that I reported still exists.  My dom.storage.enabled was set to true.

Comment 23

[Stephen Donner [:stephend] Not actively reading bugmail]

DS: mind trying this on https://preview.addons.mozilla.org; thanks!

Comment 24

[Andreas Wagner [:TheOne] [use NI]]

FYI: The add-on BetterPrivacy (https://addons.mozilla.org/en-US/firefox/addon/6623) is setting dom.storage = false.

Comment 25

[DS]

(In reply to comment #23)
> DS: mind trying this on https://preview.addons.mozilla.org; thanks!


Works for me now.  Thanks!

Comment 26

[Fred Wenzel [:wenzel]]

(In reply to comment #24)
> FYI: The add-on BetterPrivacy
> (https://addons.mozilla.org/en-US/firefox/addon/6623) is setting dom.storage =
> false.

Thank you, that is most likely the culprit here.

Comment 27

[Ken Alcock]

I can no longer produce the symptoms.

Browser: Mozilla Firefox v3.5.4
BetterPrivacy Add-on v1.29 is installed
about:config dom.storage.enabled value: false

Web Site URLS attempted (in order):
--------------------------------------------
A. https://preview.addons.mozilla.org
B. https://addons.mozilla.org/en-US/firefox/

RESULTS: I no longer see overlaid text, like I did earlier.

OBSERVATIONS:

Under Tools Menu - Extensions Options - BetterPrivacy - Options Tab, there is the following option labeled "Disable DOMStorage", which is currently enabled (I have never configured any of the BetterPrivacy default settings). Perhaps this option corresponds the entry in about:config?

So could someone in-the-know summarize what the issue really is and what the fix or workaround is?  If I installed Firefox out-of-the box and then the BetterPrivacy extension, what woudl I need to do as a user to ensure that I do not see overlaid text?

Comment 28

[Fred Wenzel [:wenzel]]

I just talked to Cheng, and we don't need a SUMO article, as it is temporarily fixed on AMO now, and I also filed a bug to fix the client. If more sites start using localStorage and this error occurs more frequently, we might add it though.