Closed Bug 944616 Opened 11 years ago Closed 9 years ago

Blob URLs don't allow query or fragment parts

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Version:
25 Branch
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla44
Tracking Flags:
Tracking Status
firefox44 --- fixed

People

(Reporter: bugzilla, Assigned: baku)

References

Details

Attachments

(1 file, 1 obsolete file)

blob.patch
3.80 KB, patch
Details | Diff | Splinter Review 
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0 (Beta/Release)
Build ID: 20131025151332

Steps to reproduce:

See this JSFiddle:

http://jsfiddle.net/boldewyn/vLNvA/

Create a new Blob, create its URL via window.URL.createObjectURL(), append a query, +'?foo=bar'. Use the URL, e.g. in window.open().


Actual results:

Error: Access to 'blob:91eb9c99-bf11-45aa-85a4-829157958d95?a' from script denied

and likewise for fragments.


Expected results:

The URI should have been loaded with query and fragment determined correctly.
By the way, Firefox is already doing better than Chrome, where this problem also extends to data: URIs: https://code.google.com/p/chromium/issues/detail?id=123004
I tested with the latest Nightly, the testcase opens 2 tabs:
blob:ea657363-d482-46d8-95de-511e59a7739d
&
blob:ea657363-d482-46d8-95de-511e59a7739d#a (with the 1st line "Lorem" in yellow)

Is it the normal behavior?

If yes, could you install Nightly and confirm it's fixed on your side too, please.
http://nightly.mozilla.org/
Flags: needinfo?(bugzilla)
No, not fully unfortunately. (Two out of three, to be precise.) I updated the description in the fiddle.

First tab is normal behaviour, works like a charm.

Second tab is missing: That's appending a query '?a' to the Blob URL. The console shows error "Access to blob denied".

Third tab in Nightly works now perfectly, too: fragment '#a' added to Blob URL, the CSS :target selector is activated.
Flags: needinfo?(bugzilla)
Thanks for the feedback.
It works partially in FF27+ due to bug 920877.

CC'ing devs about the remaining issue (Error: Access to 'blob:5c5ce277-be2a-4630-bcc9-4b4c79aa2a2e?a' from script denied).
Component: Untriaged → DOM
Depends on: 920877
Flags: needinfo?(phchang)
Product: Firefox → Core
That's the same error you'd get for any invalid blob: value, right?  As in, we tried to find a same-origin blob with that id and there isn't one...

Whether the value should be chopped off at '?' is the relevant question, I would think.
http://dev.w3.org/2006/webapi/FileAPI/#DefinitionOfScheme
> A valid blob: URL must not have a query.
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → INVALID
Interesting, thanks! Of course then the blob: “URI” is no URI in the sense of RFC 3986, which allows it explicitly in the generic case. That should be escalated as an upstream bug at W3C for the File API. (Let’s see, where I’ve put that W3C password...)
Spec got changed.

Note that we need fragment support for SVG-in-a-blob.
Status: RESOLVED → REOPENED
Ever confirmed: true
Resolution: INVALID → ---
Any update on this bug? I am still receiving an error for adding a query string to my blob url:

"Security Error: Content at http://mydomain.com may not load data from blob:http://mydomain.com/4632d7b7-eb78-41d5-b046-cdc1328229c9?type=mytype."

As stated By Boris, the specs changed and are no longer actively banning query strings.

Should their integration be considered?
It needs to be done, not considered.  The problem is finding someone with time to do it.

Andrea, do you have time for this?
Flags: needinfo?(amarchesini)
Attached patch blob.patch (obsolete) — Splinter Review 
Flags: needinfo?(amarchesini)

        Attachment #8673635 -
        Flags: review?(bzbarsky)

    
  
Assignee: nobody → amarchesini

    
    

    
  
Comment on attachment 8673635 [details] [diff] [review]
blob.patch

>+  // Let's remove any fragment from this URI.

Well, fragment and query, right?

>+  nsAutoCString uriIgnoringFragment;

uriIgnoringFragmentAndQuery?

But also, I'm not sure we want this at all; see below.

>+  int32_t hasFragmentPos = aUri.FindChar('?');

No, the "fragment" is the thing that comes after the '#'.  The thing that comes after the '?' is the "query".  Please fix up the naming throughout as needed.

>+    pos = hasHashPos <= hasFragmentPos ? hasHashPos : hasFragmentPos;

Please use std::min.

>+  gDataTable->Get(uriIgnoringFragment, &res);

So... Get() takes, I believe, an nsACString.  So you could do:

  if (pos < 0) {
    gDataTable->Get(aUri, &res);
  } else {
    gDataTable->Get(StringHead(aUri, pos), &res);
  }

and probably save some string copies...

>+[test_blob_fragment.html]

test_blob_fragment_and_query.html, really.

r=me.  Thank you!

        Attachment #8673635 -
        Flags: review?(bzbarsky) → review+

    
    

    
  

      
      
      
      

        Attached patch
          
          
        blob.patchSplinter Review
      

    


  

        Attachment #8673635 -
        Attachment is obsolete: true

    
  
Keywords: checkin-needed

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/73f8f4985df4
Status: REOPENED → RESOLVED
Closed: 11 years ago9 years ago

          status-firefox44:
          --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla44
Component: DOM → DOM: Core & HTML

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: