If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

Firefox ESR 17.0.3 is not properly encoding selectlist option values.

UNCONFIRMED
Unassigned

Status

()

Core
Serializers
UNCONFIRMED
5 years ago
5 years ago

People

(Reporter: Kristian, Unassigned)

Tracking

17 Branch
x86_64
Windows 7
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

5 years ago
Created attachment 721755 [details]
firefox.html

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0
Build ID: 20130215125822

Steps to reproduce:

When setting Option Values via JavaScript Firefox should properly encode all items (e.g. <, >, and &) and not just ampersand (&).
By encoding only ampersand (&) users are then unable to properly encode option values by setting the value to something like '1&lt;2'


Actual results:

Attached is a simple webpage demonstraiting this.  The string '&lt;&gt;&<>&' is added to Option text and value via HTML and JavaScript (multiple ways).

JavaScript Output is as follows:
Option1: 
	innerHTML:&lt;&gt;&amp;&lt;&gt;&amp;
	value:<>&<>&

Option2: 
	innerHTML:&lt;&gt;&amp;&lt;&gt;&amp;
	value:&lt;&gt;&<>&

Option3: 
	innerHTML:&amp;lt;&amp;gt;&amp;&lt;&gt;&amp;
	value:&lt;&gt;&<>&

Select innerHTML:
      <option id="option1" value="<>&amp;<>&amp;">&lt;&gt;&amp;&lt;&gt;&amp;</option>
      <option value="&amp;lt;&amp;gt;&amp;<>&amp;" id="option2">&lt;&gt;&amp;&lt;&gt;&amp;</option>
      <option value="&amp;lt;&amp;gt;&amp;<>&amp;">&amp;lt;&amp;gt;&amp;&lt;&gt;&amp;</option>


Expected results:

Previous Firefox versions ESR-10 returned Option Values in an encoded state (e.g. > was returned as &gt;)

If this were working correctly each Option should have the same text and value.  (This worked in version ESR-10).

Updated

5 years ago
Attachment #721755 - Attachment mime type: text/plain → text/html

Comment 1

5 years ago
Is it a dupe of bug 788444?
Component: Untriaged → Serializers
Product: Firefox → Core
You need to log in before you can comment on or make changes to this bug.