Closed
Bug 723388
Opened 12 years ago
Closed 12 years ago
Sites depending on cross domain iframe ajax requests are affected by incorrect Array.isArray() behavior
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 714547
People
(Reporter: neil, Assigned: Waldo)
References
Details
(Keywords: regression)
Attachments
(1 file)
765 bytes,
text/html
|
Details |
Our site, groupme.com, received multiple complaints from users who had been upgraded to Firefox 10 last night that they could no longer see messages on our website. We traced it back to this issue with Array.isArray() https://gist.github.com/1721221 As you can see in this minimal case, Array.isArray returns false for arrays created in an iframe served from a subdomain and accessed via a shared document.domain The javascript on our page is using Array.isArray to determine how to process our API responses. I imagine we are not the only site affected by this, as many sites rely on cross domain iframes to communicate with their own site's API. Let me know if you have any questions or need any more details, thanks!
Reporter | ||
Updated•12 years ago
|
Summary: Sites depending on cross domain iframe ajax requests are → Sites depending on cross domain iframe ajax requests are affected by incorrect Array.isArray() behavior
Comment 1•12 years ago
|
||
As Neil points out, this is a common pattern used in cross-domain JavaScript development. Our site, Disqus (http://disqus.com), is similarly affected. Our recourse right now is to remove any code that uses Array.isArray since we can't trust the result on Firefox 10.
Updated•12 years ago
|
Assignee: nobody → general
Component: General → JavaScript Engine
Product: Firefox → Core
QA Contact: general → general
Assignee | ||
Comment 2•12 years ago
|
||
Hmm. An attempt at a shell testcase doesn't fail on trunk, although that might just mean the test wasn't sufficiently similar. I'll investigate further.
Assignee: general → jwalden+bmo
OS: Mac OS X → All
Hardware: x86 → All
Comment 3•12 years ago
|
||
Presumably the issue is isArray on a security wrapper around an actual array, right? I'm not sure how you'd test that in the shell... I'm also not sure why the behavior here would have changed for Fx10.
Status: UNCONFIRMED → NEW
status-firefox10:
--- → affected
tracking-firefox10:
--- → ?
tracking-firefox11:
--- → ?
tracking-firefox12:
--- → ?
tracking-firefox13:
--- → ?
Ever confirmed: true
Comment 6•12 years ago
|
||
Comment 7•12 years ago
|
||
I think this is a dup of bug 714547 which is fixed on nightly and aurora. Can you confirm this fix? If so perhaps we can backport the patch to beta so that the fix comes out with FF 11.
Comment 8•12 years ago
|
||
Yeah, worked on nightly and aurora but broken on beta and release. Please nominate beta approval.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
Comment 9•12 years ago
|
||
Not tracking because this is now fixed on all non-release branches in bug 714547.
Comment 10•12 years ago
|
||
We've fixed this by hardcoding a monkeypatch to the previous buildID. You guys did another release and the site broke again for our customers. We don't want to monkeypatch isArray for all browsers -- is there a chance there will be another release without this bug fix?
Comment 11•12 years ago
|
||
There is always a chance that we'll need to ship a release to fix a zero-day security bug. What exactly does your buildID test look like?
Comment 12•12 years ago
|
||
Now it's: if (parseInt(navigator.buildID) >= 20120129021758) shim... Classy.
Assignee | ||
Comment 13•12 years ago
|
||
Firefox 11 should fix this, so waiting until then is the default possibility. The current plan is to not fix Firefox 10, which would mean there'd be an extended-support release with this issue for the next year-ish. I'm not convinced that's the right decision, given that Array.isArray being broken this way isn't an edge case but rather a fundamental flaw in the implementation. So I'm appealing that decision now. Whether that appeal will be successful, who knows. Keep an eye on bug 714547 for what happens on that front.
Comment 14•12 years ago
|
||
John, testing navigator.buildID that way is fundamentally broken. I'd recommend testing the Gecko version for starting with "10.0" for the moment...
Comment 15•12 years ago
|
||
K. I'm using navigator.userAgent now instead. Is there a better way to get the Gecko version?
Comment 16•12 years ago
|
||
Unfortunately, no.
You need to log in
before you can comment on or make changes to this bug.
Description
•