Closed
Bug 527635
Opened 15 years ago
Closed 14 years ago
Late document.write() blows away the document on dabs.com when UA string doesn't contain "Firefox"
Categories
(Tech Evangelism Graveyard :: English Other, defect)
Tracking
(Not tracked)
RESOLVED
WORKSFORME
People
(Reporter: hsivonen, Unassigned)
References
()
Details
Steps to reproduce: 1) Set html5.enable to true 2) Load http://www.dabs.com/ Actual results: A late document.write for a verisign badge blows away the document. Expected results: For Web compat, expected not to blow away the document. Additional info: This happens with and without the patch for bug 503473.
Reporter | ||
Updated•15 years ago
|
URL: http://www.dabs.com/
Reporter | ||
Comment 1•15 years ago
|
||
As far as I can tell, the behavior here is per spec. dabs.com includes the script https://seal.globalsign.com/SiteSeal/gs_image_100-50_en.js as a defer script and the script calls document.write(). So what are we going to do about it? Shall we assume that this is an isolated case and contact the site? Shall we hack document.write() from defer scripts into a no-op or make it throw? I'd really like to avoid making defer scripts actually write to the stream since doing that would complicate the EOF handling with the speculative HTML5 parser.
Reporter | ||
Comment 2•15 years ago
|
||
The Verisign script has ss_defer_enabled = ss_msie || ss_ff35higher; Maybe we should contact Verisign.
Reporter | ||
Comment 3•15 years ago
|
||
s/Verisign/GlobalSign/
Reporter | ||
Comment 4•15 years ago
|
||
The site works if I spoof the UA string as Firefox/3.5.
How come it doesn't break in IE? I thought doc.write in a deferred script blew away the doc there too.
Reporter | ||
Comment 6•15 years ago
|
||
(In reply to comment #5) > How come it doesn't break in IE? I thought doc.write in a deferred script blew > away the doc there too. They sniff for IE and Firefox 3.5 or later. They take the code path that works with defer only in browsers that sniff as IE or Firefox 3.5 (and Minefield doesn't sniff as Firefox 3.5). I spoofed Minefield as Firefox/3.7.1, and the page wasn't blown away, so this issue isn't going to be visible in Firefox release builds. However, this is still a problem for other Gecko-based browsers and any other browser that tries to implement defer. I think this bug should go over to Tech Evangelism now.
Updated•15 years ago
|
Assignee: nobody → english-other
Component: HTML: Parser → English Other
Product: Core → Tech Evangelism
QA Contact: parser → english-other
Version: Trunk → unspecified
Reporter | ||
Comment 7•15 years ago
|
||
Resummarizing for Tech Evangelism: The script https://seal.globalsign.com/SiteSeal/gs_image_100-50_en.js is meant to be included via <script src="https://seal.globalsign.com/SiteSeal/gs_image_100-50_en.js" defer="defer">. (Presumably, it would be hard to make all references to the script remove the defer attribute.) When called from a defer script, document.write() blanks the document in browsers that correctly support defer. The script calls document.write() unless it sniffs the browser as IE, as Firefox 3.5 or later or as Netscape Navigator 4. This means the unsafe code runs in any 'unknown' browser that supports defer (currently any non-Firefox Gecko-based browser but in the future potentially also non-Gecko browsers). The correct remedy is never to call document.write() in that script. The script already returns early for MSIE 4 and Netscape 4, and the non-document.write() code path should work fine in MSIE 5 or later, any Gecko-based browser, any WebKit-based browser and version of Opera since Opera 7 and in any standards-based unknown browser.
Reporter | ||
Updated•15 years ago
|
Summary: [HTML5] Late document.write() blows away the document on dabs.com → Late document.write() blows away the document on dabs.com when UA string doesn't contain "Firefox"
Reporter | ||
Comment 8•14 years ago
|
||
Looks like this site has fixed itself.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → WORKSFORME
Updated•9 years ago
|
Product: Tech Evangelism → Tech Evangelism Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•