Closed Bug 401662 Opened 17 years ago Closed 17 years ago

plaintext serializer includes content of <style> elements

Categories

(Core :: DOM: Serializers, defect)

Product:
Core
Component:
DOM: Serializers
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: philor, Assigned: philor)

References

(
URL
)

Details

(Keywords: regression)

Attachments

(2 files)

Fix v.1
(deleted), patch
mrbkap
: review+
mrbkap
: superreview+
damons
: approval1.9+
Details | Diff | Splinter Review
Testcase
(deleted), patch
Details | Diff | Splinter Review
Attached patch Fix v.1 (deleted) — Splinter Review 
Couple of ways to see it: copy-paste from the browser in an HTML page that includes a <style> element in the body (like the URL field), or, send or receive HTML email with a <style> element - if you compose HTML and send HTML+text, or receive HTML (like the Viagra spam of bug 401568) and view text, the content of the <style> element will wind up in the text, because the serializer didn't expect bug 308145 to stop moving misplaced <style> to the <head>.
Flags: blocking1.9?
Attachment #286641 - Flags: superreview?(mrbkap)
Attachment #286641 - Flags: review?(mrbkap)
Attachment #286641 - Flags: superreview?(mrbkap)
Attachment #286641 - Flags: superreview+
Attachment #286641 - Flags: review?(mrbkap)
Attachment #286641 - Flags: review+
Attachment #286641 - Flags: approval1.9?
Attached patch Testcase (deleted) — Splinter Review 
Oh, guess I... forgot to include this in the diff, or something.
Nice. And forgot to diff again after I noticed I had spaces instead of tabs in the makefile. Pretend that's already fixed, since it is.
Not a blocker. Might still be something we want to approve after beta.
Flags: blocking1.9? → blocking1.9-
(In reply to comment #3)
> Might still be something we want to approve after beta.

"Might"? I might not have properly explained the severity, then. Putting <style> elements in the body is incredibly common on big sites poorly assembled by crappy big-iron CMSs, so, try this for STR (from a 30 second look, there are undoubtedly much better examples in the middle of things real people would copy):

1. go to www.cnn.com
2. scroll to the bottom, right column, find the "i-Report" section, above some Google ads.
3. Select from within the i-Report section down - you'll jump over the ads, then select the word "Marketplace" in the next section.
4. Copy, then paste into an email to your computer-savvy son or daughter, because you sure aren't going to understand why you just copied and pasted

[[[
    * your spooky pets, all set for Halloween

more i-Reports »
<!-- #cnnMarketplace form, #cnnMarketplace input {margin:0; padding:0;} #cnnMarketplace img {border:0;} #cnnMarketplace {width:354px; z-index:1;background:#FFFFFF;font-size:10px; } #cnnMarketplace #cnnMarketplaceOuter_tl {width:4px; height:4px; float:left;display:inline;} #cnnMarketplace #cnnMarketplaceouter_t {width:346px; height:4px;} #cnnMarketplace #outer_tr {width:4px; height:4px; float:right;display:inline;} #cnnMarketplace #cnnMarketplaceOuter_bl {width:4px; height:4px; float:left;} #cnnMarketplace #cnnMarketplaceOuter_b {width:346px; height:4px;} #cnnMarketplace #cnnMarketplaceOuter_br {width:4px; height:4px; float:right;} #cnnMarketplace #cnnMarketplaceMaintop { height:41px;margin:5px 9px 0 9px; background:url(http://i.l.cnn.net/cnn/.element/img/2.0/content/partners/marketplace/topcorners.y.gif) top left no-repeat;} #cnnMarketplace .cnnMarketplaceTitle {font-size:22px; line-height:24px; font-weight:bold; float:left;} #cnnMarketplace #cnnMarketplaceNavbar {width:178px; height:31px; margin-top:1px; float:right;} #cnnMarketplace #cnnMarketplaceNavbar div { float:left; } #cnnMarketplace .cnnMarketplaceContent {width: 334px; height:128px; margin:0 9px; background-color:#F2F2F2; border-bottom:1px solid #E6E6E6; border-left:1px solid #CDCDCD; border-right:1px solid #CDCDCD;} #cnnMarketplace .cnnMarketplaceMainblock {width:139px; height:110px; background-image:url(http://i.l.cnn.net/cnn/.element/img/2.0/content/partners/marketplace/mainblock.gif); float:left; margin:9px;} * html #cnnMarketplace .cnnMarketplaceMainblock { margin-left:4px;display:inline; } #cnnMarketplace #cnnMarketplaceMaintext {margin:8px 0 0 0; padding:0 9px; color:#CA0002; font-weight:bold;} #cnnMarketplace .cnnMarketplaceMainblock .text {color:#3D75AC;} #cnnMarketplace .cnnMarketplaceText a{color:#3D75AC;text-decoration:none;} #cnnMarketplace .cnnMarketplaceText a:hover{color:#ca0002;text-decoration:none;} #cnnMarketplace .cnnMarketplaceSearchblock {margin:9px 6px 0px 0px; font-weight:bold; float:left; width:170px;display:inline; } /** html .cnnMarketplaceSearchblock { position:absolute; left:166px; top:70px; }*/ #cnnMarketplace #TabContent0 .cnnMarketplaceSearchblock #cform {color:#949494; text-align:right; margin:2px 2px 3px 0;} #cnnMarketplace #TabContent0 .cnnMarketplaceSearchblock #cform input {font-size:10px; color: #949494; border-top: solid 1px #999999; border-right: solid 1px #d9d9d9; border-bottom: solid 1px #d9d9d9; border-left: solid 1px #999999; width: 90px; height: 16px; padding: 1px 0px 0px 3px; margin-top: 3px;} #cnnMarketplace #TabContent0 .cnnMarketplaceSearchblock img {float:left;} #cnnMarketplace #TabContent0 #cnnDD5_wrap { width:168px; height:23px; } #cnnMarketplace #TabContent0 #cnnDD6_wrap { width:168px; height:23px; } #cnnMarketplace #TabContent1 .cnnMarketplaceSearchblock h1 { font-weight:bold; font-size:10px; margin:2px 0px 10px 0px; } #cnnMarketplace #TabContent1 .cnnMarketplaceSearchblock form { margin:0px; color:#939393; line-height:20px; } #cnnMarketplace #TabContent1 .cnnMarketplaceSearchblock form div { float:left; padding-right:10px; } #cnnMarketplace #TabContent1 .cnnMarketplaceSearchblock form select {line-height:20px; font-size:10px; color:#939393; font-weight:normal; } #cnnMarketplace .cnnLawyersContent {width: 334px; height:128px; margin:0 9px; background-color:#F2F2F2; border-bottom:1px solid #E6E6E6; border-left:1px solid #CDCDCD; border-right:1px solid #CDCDCD;} #cnnMarketplace #cnnLawyers336Middle{padding: 9px;} #cnnMarketplace #cnnLawyers336Logo{width: 139px;} #cnnMarketplace #cnnLawyers336LogoText{border-top: solid 2px #c3002d;border-bottom: solid 2px #c3002d;border-left: solid 1px #e6e6e6;border-right: solid 1px #e6e6e6;padding: 3px 10px 2px 10px;font-size: 10px;color: #000000;background-color:#FFF;} #cnnMarketplace #cnnLawyers336SearchBlock{position: absolute;top: 7px;left: 158px;font-size: 10px;color: #949494;} #cnnMarketplace .cnnMarketplaceBottom {width: 322px; margin:0 9px 5px 9px; padding:7px; background-image:url(http://i.l.cnn.net/cnn/.element/img/2.0/content/partners/marketplace/bottomcorners.gif); height:16px;} #cnnMarketplace .cnnMarketplaceBottom .more {font-weight:normal; color:#3D75AC; float:right; text-align:right; width:90px; margin-right: 2px; } #cnnMarketplace .btnSearch { float:left;padding-left:154px; } #cnnMarketplace .btnSearch input {cursor:pointer;} #cnnMarketplace .cnnMarketplaceBottom a {color:#3D75AC;text-decoration:none;} #cnnMarketplace .cnnMarketplaceBottom a:hover {color:#ca0002 ;text-decoration:none;} #cnnMarketplace .greyInput { color:#949494;font-weight:bold; } #cnnMarketplace .greyInput_active { color:#000000; } #cnnMarketplace #cnnOrbitz354Dates{position: relative; top: -77px; left: 80px;} #cnnMarketplace #TabContent1 #cnnAOL336Top{padding: 9px 6px 9px 9px;} #cnnMarketplace #TabContent1 #cnnAOL336FindBlock{margin-left:148px; font-weight: bold; font-size: 10px; color: #949494;} #cnnMarketplace #TabContent1 #cnnAOL336Find{font-size: 12px; color: #000000;} #cnnMarketplace #TabContent1 #cnnAOL336CarOptions{height: 13px; line-height: 13px;} #cnnMarketplace #TabContent1 #cnnAOL336rbNew, #cnnAOL336rbUsed{height: 12px; margin: 0px 3px 0px 0px; padding: 0px;} #cnnMarketplace #TabContent1 #cnnAOL336Bottom{border-top: solid 1px #e6e6e6; line-height: 17px; padding: 6px;} #cnnMarketplace #TabContent1 #cnnAOL336Bottom #cnnAOL336Search{padding-left: 158px;} #cnnMarketplace #TabContent1 #cnnAOL336Bottom #cnnAOL336Options{margin-left: 244px;} #cnnMarketplace #TabContent1 form { margin:0px; } #cnnMarketplace #TabContent1 #cnnDD1_wrap { width:140px; height:23px; } #cnnMarketplace #TabContent1 #cnnDD2_wrap { width:140px; height:23px; } #cnnMarketplace #TabContent2 #cnnLawyers354Middle{ position:relative; padding: 9px; background: #f2f2f2;} #cnnMarketplace #TabContent2 #cnnLawyers354Logo{width: 139px;} #cnnMarketplace #TabContent2 #cnnLawyers354LogoText{border-top: solid 2px #c3002d; border-bottom: solid 2px #c3002d; border-left: solid 1px #e6e6e6; border-right: solid 1px #e6e6e6; padding: 3px 10px 2px 10px; font-size: 10px; color: #000000;background:#FFFFFF;} #cnnMarketplace #TabContent2 #cnnLawyers354SearchBlock{position: absolute; top: 7px; left: 158px; font-size: 10px; color: #949494;} * html #cnnMarketplace #TabContent2 #cnnLawyers354SearchBlock{left: 148px;} #cnnMarketplace #TabContent2 input {font-family: Arial; font-size:10px; color: #949494; border-top: solid 1px #999999; border-right: solid 1px #d9d9d9; border-bottom: solid 1px #d9d9d9; border-left: solid 1px #999999; width: 162px; height: 16px; padding: 2px 0px 0px 3px; margin-top: 4px;} #cnnMarketplace #TabContent2 form { margin:0px; } #cnnMarketplace #cnnDD3_wrap { width:168px; height:23px; } #cnnMarketplace #cnnDD4_wrap { width:168px; height:23px; } #cnnMarketplace #TabContent3 .norm {font-size: 11px; line-height: 14px; color: #000000; } #cnnMarketplace #TabContent3 .norm a { color: #0000ff; } #cnnMarketplace #TabContent3 .normw { font-size: 11px; line-height: 14px; color: #ffffff; } #cnnMarketplace #TabContent3 .calpanel { position: absolute; z-index:5; } #cnnMarketplace #TabContent3 .calblock { position: absolute; left: 160px; top: 0px; width: 140px; height: 330px; z-index: 15; visibility: hidden; } * html #cnnMarketplace #TabContent3 .calblock { top:-15px; } #cnnMarketplace #TabContent3 .cal_header { font-size: 12px; font-weight: bold; color: #ffffff; } #cnnMarketplace #TabContent3 .cal_days { font-size: 9px; font-weight: bold; color: #aaddff; } #cnnMarketplace #TabContent3 .cal_day { font-size: 11px; line-height: 15px; color: #999999; } #cnnMarketplace #TabContent3 .cal_day a:link { font-size: 11px; line-height: 15px; font-weight: bold; color: #3366ff; text-decoration: none; } #cnnMarketplace #TabContent3 .cal_day a:visited { color: #3366ff;} #cnnMarketplace #TabContent3 .cal_day a:active { color: #3366ff; } #cnnMarketplace #TabContent3 .cal_day a:hover { color: #3366ff; } #cnnMarketplace #TabContent3 div {position: relative;} #cnnMarketplace #TabContent3 #cnnOrbitz354Top{ padding: 9px 6px 9px 9px;} #cnnMarketplace #TabContent3 #cnnOrbitz336SearchBlock{position: absolute; top: 9px; left: 148px; font-weight: bold; font-size: 10px; color: #949494;} #cnnMarketplace #cnnOrbitz336SearchBlock td {font-weight: bold; font-size: 10px; color: #949494; } #cnnMarketplace #TabContent3 #cnnOrbitz336Search{font-size: 11px; color: #000000;} #cnnMarketplace #TabContent3 #cnnOrbitz336Dates{position: relative; top: -87px; left: 102px;} * html #cnnMarketplace #TabContent3 #cnnOrbitz336Dates{position: relative; top: -82px; left: 102px;} * html #cnnMarketplace #TabContent3 #cnnOrbitz336Dates{top: -81px;} #cnnMarketplace #TabContent3 #cnnOrbitz336Bottom{border-top: solid 1px #e6e6e6; line-height: 17px; padding: 6px;} #cnnMarketplace #TabContent3 #cnnOrbitz336Bottom #cnnOrbitz336Search{padding-left:158px; padding-left:152px;} #cnnMarketplace #TabContent3 #cnnOrbitz336Bottom #cnnOrbitz336Options{position: absolute; top: 6px; left: 250px;} #cnnMarketplace #TabContent3 a{font-size: 10px;} #cnnMarketplace #TabContent3 input{font-family: Arial; font-size: 10px; color: #949494; border-top: solid 1px #999999; border-right: solid 1px #d9d9d9; border-bottom: solid 1px #d9d9d9; border-left: solid 1px #999999; width: 93px; height: 16px; padding: 2px 0px 0px 3px; margin-top: 4px;} #cnnMarketplace #TabContent3 #cnnOrbitz336SearchBlock input{width: 75px;} #cnnMarketplace #TabContent3 form { margin : 0px; } -->
Marketplace

STR #2

1. go to msnbc.com
2. in the right column, there's a set of links to NBC News highlights, followed by an ad, followed by a local weather box.
3. Select the links, then keep going over the ad to select the weather for whatever city comes up for you
4. Copy, paste into another email asking daddy why you keep getting things like

[[[
  Oprah’s private school rocked by scandal
  School cafeterias waging cupcake wars
advertisement
.dbxUnDa {background-color: #EEE;} .dbxUnDa .textSmallBold {background-image:url('http://msnbcmedia.msn.com/i/msnbc/Components/ColorBoxes/Styles/img/bg_ev07_v3.gif') !important; height: 20px; color: #FFFFFF; font-size: 90%; font-weight: bold; font-family: Arial, Helvetica, sans-serif !important; text-transform: lowercase;} .dbxUnDa .textBold {background-image:url('http://msnbcmedia.msn.com/i/msnbc/Components/ColorBoxes/Styles/img/bg_ev07_v3.gif') !important; height: 20px; color: #FFFFFF; font-size: 90%; font-weight: bold; font-family: Arial, Helvetica, sans-serif !important; } .dbxUnDb .textMedBlackBold, .dbxUnDb .textSmallGrey {font-family: Arial, Helvetica, sans-serif; color: #666;} .dbxPeTa {border-bottom: 1px solid #336699; background-color: #336699; background-image:url('http://msnbcmedia.msn.com/i/msnbc/Components/ColorBoxes/Styles/img/bg_ev07_v3.gif'); height:25px;} .dbxPeTa .textSmallReverseBold {color: #FFFFFF; font-size: 90%; font-weight: bold; font-family: Arial, Helvetica, sans-serif !important; padding-left: 10px;} .dbxPeDi {background-color: #EEE; border-color: #DDD;} .dbxPeDi .bulletRedHere {display: none;} .dbxPeDi .textSmallBlackBold {font-family: Arial, Helvetica, sans-serif; font-size: 70%; color: #444; margin-bottom: 10px;} .dbxPeDi .textSmallBlackBold .linkBlack {font-weight: normal;} .dbxPeDi .textMedBlack {font-family: Arial, Helvetica, sans-serif; font-size: 70%; #444; line-height: 150%;} .dbxPeDi .linkRed {font-weight: bold; font-size: 110%; color: #147; text-decoration: none;} .dbxPeDi a {font-size: 100%; color: #147; text-decoration: none; border-bottom: 1px dotted #CCC;} .dbxPeDi a:hover {color: #C00; border-bottom: 1px solid #C00; text-decoration: none;} .dbxPeDi table .textSmallBlack {color: #666;} .dbxPeDi .textMedBlackBold {font-size: 70%;} .dbxPeDi .textMedBlackHang {text-indent: 0px; margin-bottom: 5px; margin-left: 0px; font-weight: bold; font-family: Arial, Helvetica, sans-serif;} .dbxPeDi .textMedBlackHang a {border-bottom: 1px dotted #CCC;} .dbxPeDi .textMedBlackHang a:hover {border-bottom: 1px solid #C00;} .dbxPeDi table {padding: 5px 0 5px 0;} .dbxPeDi td {padding: 2px;} .dbxPeDi hr {color: #999;} .dbxScTd .textSmallRed, .dbxScTd .linkSmall {font-size: 70%;}
Local news, weather, & sports
Enter zip code to change location
 
ZIP CODE
WEATHER	• Change
New York, NY
Updated 5:51 p.m. Oct. 31, 2007 
]]]

(Yeah, this is an obnoxious comment to add to a bug, but... "Not a blocker"? Those two examples took me less than two minutes to find.)
Keywords: regression
The main argument was that this wasn't marked a regression and we seemed to have done just fine in the past without it fixed (i don't see any bugs filed other than yours).

I see that you now marked it as a regression which changes things quite a bit.

But don't worry, i don't see any reason this won't be approved for after-beta-checkin.
My only guess for why it wasn't reported is that copying text from mainstream websites isn't a common nightly tester behavior: I just looked at Alexa's top 10, and only the BBC and Google News manage to avoid having <style> in the <body> where it could be copied.
Wups, that was the _news_ top 10, but looking at random among the global top 50, things like MySpace, eBay, and Amazon all scatter style elements in the middle of copyable content.
Comment on attachment 286641 [details] [diff] [review]
Fix v.1

a=release drivers
Attachment #286641 - Flags: approval1.9? → approval1.9+
content/base/src/nsPlainTextSerializer.cpp 1.130
content/base/test/Makefile.in 1.29
content/base/test/test_bug401662.html 1.1
Status: ASSIGNED → RESOLVED
Closed: 17 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: