seen on branch 0607 windows..pls reassign if component is incorrect go to msn.com enter username and password and click GO On the 'password save' dialog, click NO Observe a 'security warning' dialog pops up. click OK Again ,a 'password save' dialog comes up. and another security dialog comes up..... xpcted : only one password save dialog should appear

not sure if this is passwd mgr or crypto.

It's crypto. Reassigning.

Worksforme with the latest trunk build.

seen on the branch...

2001061414 linux build. Confirmed. P2 Target->2.0

*** Bug 84823 has been marked as a duplicate of this bug. ***

Mass reassigning target to 2.1

-> P1

Re-assigning to morse. Steve: I don't know why you re-assigned this bug to PSM. If you have some information that it's PSM, please post in the bug. I disabled encrypting passwords (i.e. don't use PSM) and the problem still happens. The bug is that you are prompted twice by the Password Manager to remember you're password. Again, I don't think PSM is part of the mix here.

This is occuring because onsubmit handler is being called twice. We had a problem about that in the past so I'll try and see if I can locate the old bug report on it.

I believe the old bug that I was thinking of was bug 7858.

The problem is occuring when the form is being submitted, resulting in the onsubmit handler being called twice. Reassigning to form-submission.

FWIW, I tried to simplify this by extracting the form from this page and seeing if it alone demonstrated the problem. It did not. Posting the form here anyway, just for reference (extracting it was a difficult procedure because of the bad style in the msn page). Note however that I did not extract the javascript code (notable the SetJS routine). That could account for the multiple onsubmits. <html> <body> <form style="margin:0;" name=HotmailForm ACTION="https://lc1.law13.hotmail.passport.com/cgi-bin/dologin/" onSubmit="return setJS();" method=post> <input type=hidden name=curmbox value=ACTIVE> <input type=hidden name=js value=no> <input type=hidden name="6c6f7264" value="www.msn.com"> <table cellpadding=0 cellspacing=0 border=0 width=100% class=mctbl> <tr> <td valign="middle" colspan=3> <font face=verdana,sans-serif size=1>Hotmail Member Name:</font> &nbsp; </td> </tr> <tr> <td> <font face=verdana,sans-serif size=1> <input type="text" name="login" size="13" maxlength="64"> </font> </td> </tr> <tr> <td> <font face=verdana,sans-serif size=1>Password:</font> &nbsp; </td> </tr> <tr> <td> <font face=verdana,sans-serif size=1> <input type="password" name="passwd" size="13" maxlength="64"> </font> </td> <td width=22 valign="middle" align="center"> &nbsp; </td> <td> <input TYPE=IMAGE height=17 width=17 ID=m BORDER=0 SRC=http://msimg.com/w/AS_0/go_m.gif class=srchBtn ALT="Sign in to Hotmail"> </td> </tr> <tr> <td colspan=3> <a href="P/1/"> <font face=verdana,sans-serif size=1>Sign up for free e-mail</font> </a> </td> </tr> </table> </form> </body> </html>

Yes, it's the javascript that is causing the double submission. Add the following header to the html sample above and you can demonstrate the problem. It's because the javascript does an onsubmit. This is very familiar, and it isn't bug 7858 but some other bug that was reported on this problem. I'll see if I can find it. <head> <script> function setJS(){ document.HotmailForm.js.value="yes"; document.HotmailForm.submit(); } </script> </head>

Found the other bug that I was thinking of. It's 60280.

Here's a much simpler testcase that demonstrates the problem. <html> <body> <form name=HotmailForm onSubmit="document.HotmailForm.submit();"> <input type="text"> <input type="password"> <input type="submit"> </form> </body> </html>

Removing nsenterprise nomination, adding nsBranch.

sounds more like a pollmann issue, if not send it back

*** Bug 97085 has been marked as a duplicate of this bug. ***

Eric's not here anymore. I'll take a look.

from http://www.w3.org/TR/WD-script-960208.html OnSubmit A submit event occurs when a user submits a form. JavaScript requires you to return true in the event handler to allow the form to be submitted; return false to prevent the form from being submitted. This attribute is used only with the FORM element. I'm guessing that we are defaulting to returning true for the OnSubmit handler when an explicit return value has not be specified. Marking nsbranch+, since double submitting form data can cause serious problems.

removed keyword nsbranch since it now has nsbranch+, per pdt mtg.

any updates on the fix for this?

Pierre is looking at this bug today.

Reassigning to Rod

The basically does this: Sets a variable in the nsHTMLFormElement object indicating the submit had taken place. That way when the button click comes thru and asks it to submit again it bails out. Hitting reload or the back button still works because the nsHTMLFormElement obj gets newly created each time. Oops, ok, the patch doesn't work if for some reason the submit times out. The nsHTMLFormElement needs to be an observer of the submit.

Please let us know when this has been reviewed and super reviewed. We'd really like to get this on the PDT radar for inclusion in eMojo (write to pdt2@netscape.com when you have reviews). This seems pretty serious (or at least very annoying)

hey rod, the code for adding and removing the nsIWebProgressListener looks fine... But i don't see where you are resetting the 'submit state' if the document fails to load... what am i missing? -- rick

adding PDT for review

Rick, the mWebProgress acts like the "submit state", if it is non-null then we submitting, if it is null then we can submit. Should I doument that better?

Actually, the comments are there in the "DoSubmitOrReset" method, check those out

Comment on attachment 50691 [details] [diff] [review] proposed patch using nsIWebProgressListener r=rpotts@netscape.com

hey rod, you're absolutely right!! i'm blind :-) -- rick

Comment on attachment 50691 [details] [diff] [review] proposed patch using nsIWebProgressListener sr=kin@netscape.com

Rod, I talked with rpotts, and we both thought it would be better for your stub functions to return NS_OK, instead of NS_ERROR_NOT_IMPLEMENTED. This will avoid any possibility of short circuiting the loading process if they are called.

Changes are made, waiting on pdt

check it in - PDT+ If you have a list of sites we can test this against, it would good to get them in the comments of the bug.

fixed on tip and branch

Note: this checkin caused Bug 102176, Bug 102345, Bug 102532. So test against these now invalid bugs when the new patch is ready.

Marking nsbranch-. The potential fix is too risky.

I think that the correct solution would be to change the default action which is taken after the onSubmit JS handler function finishes. The default (not returned true and false) should be to cancel the submit. The form would be submitted because the document.HotmailForm.submit() function is called. But I don't know if it wouldn't break any other page (not conforming to standard) which assumes otherwise.

moving to 0.9.6

reassinging to new owner of form submission

Removed ETA from status

moving to 0.9.7 until rods checks why is still open although is alredy fixed

taking

I won't get this in until 9.8

back to you

WFM 010403 win98. Logging into msn using my hotmail account gives me "entering encrypted area" followed by "leaving encrypted area".

retargeting will be repaired when 72906 gets repaired

john: this is the same like 72906

Retargeting to same milestone as bug 72906.

Marking nsbeta1+

Fixed with bug 72906.

verifying