Closed Bug 1328984 Opened 8 years ago Closed 3 years ago

Dropping an <img> tag into content exposes application/x-moz-nativeimage as a string

Categories

(Core :: DOM: Copy & Paste and Drag & Drop, defect, P3)

Product:
Core
Component:
DOM: Copy & Paste and Drag & Drop
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1728425
Tracking Flags:
Tracking Status
geckoview66 --- wontfix
firefox-esr60 --- wontfix
firefox64 --- wontfix
firefox65 --- wontfix
firefox66 --- wontfix
firefox67 --- wontfix
firefox68 --- wontfix
firefox69 --- wontfix
firefox72 --- wontfix

People

(Reporter: nika, Unassigned)

Details

(Whiteboard: [iris])

Dragging and Dropping an <img> tag exposes application/x-moz-nativeimage and application/x-moz-file-promise types to content. In non-e10s or on windows, these values are inaccessible and appear as "null" data transfer items. On OS X and Linux e10s, the application/x-moz-nativeimage is given the type "string" and contains a large string which I would suspect contains the raw data for the underlying image. I imagine that these types, and other x-moz types exposed when dropping an <img> tag, should be hidden from non-chrome code.
Priority: -- → P3

:ccomorasu has noticed that Windows e10s is now also affected by this issue. I'm guessing something in the OS has changed to cause the data types used for these native images to now be strings.

We should probably still hide these data types from web content, perhaps by tagging them with SetChromeOnly(true): https://searchfox.org/mozilla-central/rev/465dbfe030dfec7756b9b523029e90d48dd5ecce/dom/events/DataTransferItemList.cpp#396 -- we'd probably change the check here: https://searchfox.org/mozilla-central/rev/465dbfe030dfec7756b9b523029e90d48dd5ecce/dom/ipc/ContentChild.cpp#3040-3044

ni? neil to see if this seems reasonable.

Flags: needinfo?(enndeakin)

I could reproduce this issue using:

  • Fx 66.0a1
  • Fx 65.0
  • Fx 60.5.0esr

On the following platforms:

  • Windows 10 x64
  • Ubuntu 16.04 LTS
  • macOS 10.13.6.

I could not find a regression range as builds that have previously passed the test now fail it. Below there are the testing details:

Steps to reproduce:

  1. Start Firefox and visit https://mystor.github.io/dragndrop/.
  2. Select drop-image-data from the demopage.
  3. In a new window visit a webpage with many images: https://1stwebdesigner.com/image-file-types/.
  4. Select a image from the website and drag it in the Drop Stuff Here! area from the demo.

Expected result:

  • Matching appears under the Drop Stuff Here area.

Actual result:

  • Not Matching appears under the Drop Stuff Here area.
QA Contact: cristian.comorasu
Has STR: --- → yes
status-firefox64: --- → affected
status-firefox65: --- → affected
status-firefox66: --- → affected
status-firefox-esr60: --- → affected
status-geckoview66: --- → affected
OS: Unspecified → All
Hardware: Unspecified → All
Version: unspecified → Trunk
Whiteboard: [iris]
Component: DOM → DOM: Core & HTML

Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0

Hi,

I have managed to reproduce this issue on latest latest Nightly build 68.0a1 (2019-05-06) using Ubuntu 18.04

status-firefox68: --- → affected

Reproducible in the Latest Nightly 69.0a1 (2019-07-01).

status-firefox69: --- → affected

Reproducible in the latest Nightly 72.0a1 (2019-11-25).

status-firefox72: --- → affected

Lets' fold this into bug 1728425.

No longer blocks: 1312120
Status: NEW → RESOLVED
Closed: 3 years ago
Component: DOM: Core & HTML → DOM: Copy & Paste and Drag & Drop
Flags: needinfo?(enndeakin)
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.