87408 - Page info should display the form data posted to a page

Status: RESOLVED WONTFIX

(SeaMonkey :: Page Info, enhancement)

Description

[Joseph Wang]

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i586; en-US; rv:0.9.1+) Gecko/20010622
BuildID:    2001062212

There should be a way of displaying what information was posted
to a page.  This is important for people who are writing web
robots, and is also useful for debuging.  both lynx and netscape
4 has this functionality

Reproducible: Always
Steps to Reproduce:
1.Go to a page with post
2.Submit the page
3.Get a new page back
4. No idea what was submitted to get that page

Actual Results:  Under page info there should be a box saying what was posted
to generate a page

Comment 1

[doctor__j]

Just paranoid thought flashing in my mind...

Security issues (user passwords, credit card #, etc...) there??

Comment 2

[Daniel Brooks [:db48x]]

I'm not entirely sure I see where this information is presented in ns4.7x. Both
ns4.7x and mozilla show the entire url, which is usually enough to show all the
form fields submitted, though not always. The patch I've attached to bug 52730
goes further and shows all the forms on the current page, and what fields will
be submitted, as well as their current values. It's not quite the same, but very
similar.

Comment 3

[Asa Dotzler [:asa]]

->XPApps GUI Features

Comment 4

[timeless]

Bug processed has the following structure:

      http://bugzilla.mozilla.org/process_bug.cgi
            Form 1:
                  Action URL: http://bugzilla.mozilla.org/show_bug.cgi
                  Encoding: application/x-www-form-urlencoded (default)
                  Method: Get
            Image: http://www.mozilla.org/images/mozilla-banner.gif
</nc4output>
I don't see whatever the reporter thought nc4 did, but pageinfo is daniel's 
sandbox.

Comment 5

[Keyser Sose]

Marking NEW.

Comment 6

[Christopher Aillon (sabbatical, not receiving bugmail)]

*** Bug 106971 has been marked as a duplicate of this bug. ***

Comment 7

[sairuh (rarely reading bugmail)]

mass moving open bugs pertaining to page info to pmac@netscape.com as qa contact.

to find all bugspam pertaining to this, set your search string to
"BigBlueDestinyIsHere".

Comment 8

[Christopher Aillon (sabbatical, not receiving bugmail)]

Note that a potential(?) security risk is taken here when displaying POST data
on a page which has username/password data posted to it.  This is the type of
issue that we tried to avoid in bug 121792.... So, do we want to fix this?

Comment 9

[Joe M]

With username/password, the password field is usually set as such. Maybe
password fields could have a little message, like "passwords unavailable".
Anything that can be seen in cleartext before the form is submitted is not
likely to be so sensitive that it shouldn't be accessed in the page generated by
that form, IMO. Anyway, I think this feature would be quite useful.

Comment 10

[Joe M]

bug 121792 covered a similar issue, as far as sensitivity of passwords. imo, it
would be best to follow suit, if this feature goes in.

Comment 11

[Dan Allen]

What about splitting off the GET parameter names and values into a table similar
to how a form about to be submitted is summarized?  One could always scroll
through the entire query string in the URL bar or in the URL element, but it is
a pain in the neck.  Underneath the "meta" section perhaps another section could
be created to show these name/value pairs.  It would be extremely helpful for
development.

Comment 12

[Philip Chee]

This is extension fodder e.g.
<http://xsidebar.mozdev.org/modified.html#urlparams>
WONTFIX.