Closed
Bug 758162
Opened 12 years ago
Closed 3 years ago
Need to do double encoding of URL query string in extension
Categories
(Core Graveyard :: Plug-ins, defect)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: ashraf, Unassigned)
Details
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:12.0) Gecko/20100101 Firefox/12.0
Build ID: 20120423122624
Steps to reproduce:
Adding an SWF via this JS code:
var key = "a+b";
var tmp = document.createElementNS("http://www.w3.org/1999/xhtml","embed");
tmp.id = "testing";
tmp.name = "testing";
tmp.src = "chrome://testing.swf?key=" + encodeURIComponent(key);
tmp.allowscriptaccess = "always";
document.getElementById("whatever").appendChild(tmp);
Actual results:
When doing trace(key) inside version.swf, I'm getting "a b", encoding's not doing its magic
Expected results:
I should get "a+b" (note that if I double encode the key, trace give me the expected "a+b"). Also note it's not a flash player bug, testing it outside the extension works with single encoding.
Are you able to reproduce this in Firefox 15? nightly.mozilla.org
Component: Untriaged → General
QA Contact: untriaged → general
Can you compare what happens in the latest Chrome? Also, can you please confirm what version of Flash you are using? You can get this information from Tools > Addons > Plugins or by simply loading about:plugins in a tab.
Version: 12 Branch → Trunk
It's Flash Player Debugger 11.1 r102, as to latest Chrome, I'm not sure what you mean by testing it on latest Chrome. I don't use Chrome browser. This is a firefox extension. The code above is inside an overlay (outside the visible browser). Notice that I've tested the code on Windows & Linux. And on different Player versions. Same code inside regular javascript works fine. So it has to be related to the fact that this code is inside a firefox extension.
Component: General → Untriaged
Version: Trunk → 12 Branch
Any updates on this? Can I provide you some test code to test this? I can provide a bogus extension with minimal code to showcase the problem.
|
||
Comment 6•11 years ago
|
||
ominds, if you can still reproduce this issue in current Firefox versions, please do attach to this bug an extension that showcases the problem.
Flags: needinfo?(ashraf)
(In reply to Ioana Budnar, QA [:ioana] from comment #6) > ominds, if you can still reproduce this issue in current Firefox versions, > please do attach to this bug an extension that showcases the problem. This really is too simple to warrant an extension upload. Just look at this code snippet in my extension (FlashFirebug) var tmp = document.createElementNS("http://www.w3.org/1999/xhtml","embed"); tmp.src = "chrome://flashbug/content/version.swf?email=" + encodeURIComponent(encodeURIComponent(email)) + "&key=" + encodeURIComponent(encodeURIComponent(key)) + "&sender=" + sender + "&callFlashPlayerReady=true"; Firebug.chrome.$("ffbugversion").appendChild(tmp); Notice I'm double encoding the email and key. And yes, it's still a problem. Finally, fixing this would affect all extensions so you should be careful (mine would break if this is fixed)
Flags: needinfo?(ashraf)
|
|
||
Updated•11 years ago
|
Component: General → Extension Compatibility
|
||
Comment 8•11 years ago
|
||
You want the Flash object to get an encoded string? If so, it makes sense to me that you need to double encode. The parameter should be decoded once when passed to the Flash object, since the encoding is only there to avoid problems parsing the URL string.
In my Chrome extension I single encode the parameters with the same SWF file. I don't do any decoding inside the SWF at all. I haven't tested, but if I were doing an AJAX call and sending the parameters via GET, I would single encode them, not double encode them. I don't understand why you'd need to double encode a parameter, just figuring out the problem was quite puzzling in itself. Notice again that I'm reading the parameters AS IS inside the SWF, no decoding, since this is only required for & characters that would break my URL. Example, say I'm passing these values something somethingwith&insideit param1=something¶m2=somethingwith&insideit I need to encode "somethingwith&insideit" so that the SWF would not think that "insideit" is a separate GET param (same with AJAX). Why would I want to double encode "somethingwith&insideit"?
|
|
||
Updated•11 years ago
|
Component: Extension Compatibility → Plug-ins
Product: Firefox → Core
|
||
Comment 10•11 years ago
|
||
Is this only a problem when you're using chrome URLs? Or creating the plugin in a chrome document? I'm unlikely to prioritize this, but I'll happily give you links to the places you might want to add breakpoints in a debugger to figure out whether the bug is in Firefox or in the Flash player. Also we're considering disabling plugins in chrome documents entirely, so if this is only an issue in chrome documents it may just end up WONTFIX.
|
Reporter | |
Comment 11•11 years ago
|
||
I haven't tested this in the browser. But it should be easy to test. I'll test it and get back to you soon on this. As to disabling plugins in chrome. WHY??? I'm not sure weather I can work around this restriction and get my extension back up :) Also, what would this change be solving?
|
||
Comment 12•3 years ago
|
||
Resolving as wont fix, plugin support deprecated in Firefox 85.
Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Resolution: --- → WONTFIX
|
|
||
Updated•2 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•