Skip to main content

Search and Top Navigation

#8288 closed bug (fixed)

Opened May 02, 2012 03:44PM UTC

Closed May 07, 2012 02:32PM UTC

Last modified May 07, 2012 02:34PM UTC

Regression: jquery-ui animations focus fix causes Firefox Security Manager veto.

Reported by: coling Owned by: coling
Priority: minor Milestone: 1.8.21
Component: ui.effects.core Version: 1.8.20
Keywords: Cc:
Blocked by: Blocking:


I have found a regression with commit:

(referencing #7595)

I can reproduce the error easily in my code, but it seems someone else also ran into the same issue:

Firebug Security manager text:

Security Manager vetoed action arg 0 [nsIDOMHTMLDivElement.contains]

Simply enclosing the whole check in a try/catch block works around the problem and is (to me) as sensible precaution anyway.

I'm happy to test any alternative fixes however.

I will upload a patch shortly.

Attachments (0)
Change History (19)

Changed May 02, 2012 03:47PM UTC by rdworth comment:1

component: ui.coreeffects.core

Changed May 02, 2012 03:49PM UTC by scottgonzalez comment:2

owner: → coling
status: newpending

Please provide a reduced test case, pointing at an issue in an unrelated project isn't too helpful.

Changed May 02, 2012 04:01PM UTC by coling comment:3

status: pendingnew

Sorry, I don't have time right now to produce a reduced test case (the conditions for it are no doubt complex and the code I have is pretty complex with various screen transitions), but I'm pretty certain the issue on the other project is caused by this same previous fix. When I find time I'll try and reduce it to a simple test case (current code involves iframe based form submission for file uploads and transitions, so I'd guess any test case would require server code also to deal with ajax responses).

My fix is here if you want it (it's pretty harmless with regards to the previous behaviour before #7595, so you may still want to apply it.

As I said, above, there may be a nicer fix but it works for me.

Changed May 02, 2012 04:16PM UTC by scottgonzalez comment:4

status: newpending

We need a test case or we can't consider this a bug.

Changed May 02, 2012 08:07PM UTC by coling comment:5

status: pendingnew

OK, I managed to simplify the case where this shows up.

What should happen (and does under Chrome) is that when you select a file from the form, the box should slide way to the left, be replaced with a message that slides in from the right, and the form submitted.

What actually happens is that Firefox will veto the action with the above message. Tested on Firefox 10 ESR on linux and Firefox 11 Windows. Having Firebug opened when you load the above fiddle should show the security manager veto message.

Changed May 02, 2012 08:28PM UTC by scottgonzalez comment:6

status: newopen

This only occurs if you click in the text portion of the input element, not the button. For some reason Firefox is removing the input element (which had focus) from the document.

Changed May 02, 2012 09:00PM UTC by scottgonzalez comment:7

An actually reduced test case:

Changed May 02, 2012 09:10PM UTC by coling comment:8

FWIW, it happens for me whether I click on the button or the text area of the upload element. This is on the Linux version which may have a slightly different layout for such elements however.

Changed May 02, 2012 09:20PM UTC by gnarf comment:9

Confirmed as well - gives a pure JS reduction of the use case, maybe this is a Firefox bug?

Changed May 02, 2012 09:57PM UTC by coling comment:10

Could very well be a Firefox bug - certainly that test case is pretty damning. Can't think why it should be vetoed.

Assuming it is, what is your policy on that? I'm normally a kind of hard line on these things (only fix the issue where it should be fixed, don't add kludges), but as I've had people comment to me about the problem uploading content on Firefox after jQuery UI 1.8.16, I'd also quite like the try/catch workaround added upstream :p

Changed May 03, 2012 11:20AM UTC by coling comment:11

Would you like me to open a bug report over at Mozilla?

Changed May 03, 2012 01:08PM UTC by scottgonzalez comment:12

@coling Thanks, I'm already working on it.

Changed May 03, 2012 02:17PM UTC by scottgonzalez comment:13

There's an existing Mozilla ticket, from two years ago with zero activity :-(

I've added a comment with links to this ticket, and multiple reduced test cases. I'll also ping individual Mozilla devs about it.

Changed May 03, 2012 02:30PM UTC by coling comment:14

Good sleuthing on finding the existing bug. I've added myself to the CC there.

As I don't really expect to be holding my breath for a fix and as this was exposed by a previous bugfix in jQuery, do you think adding the try/catch block as I suggested would be sensible in the short term?

As I mentioned above, I don't normally like these kind of kludges if the problem is genuinely elsewhere, but I guess your policy on this is usually somewhat more pragmatic (otherwise support for older browsers would be dropped a long time ago!!)

Obviously it's in our interests to close this bug (either as wontfix/upstream or as as workaroundcommitted - I don't know your resolutions, so I'm just making them up!) as it will probably not serve much purpose on it's own and will just detract from your other reports.

Changed May 03, 2012 02:36PM UTC by scottgonzalez comment:15

We'll definitely land a fix for this, probably this week. We're just trying to figure out the cleanest way to detect and work around this bug.

Changed May 03, 2012 02:38PM UTC by coling comment:16

Awesome, I'll just shut up and let you get on with it then :)

Please do ping me if you need any input on it, but yu all likely understand the issue far better than me anyway.

Cheers and KUTGW!

Changed May 07, 2012 02:32PM UTC by Scott González comment:17

resolution: → fixed
status: openclosed

Effects: Check for anonymous content being exposed via document.activeElement. Fixes #8288 - Regression: jquery-ui animations focus fix causes Firefox Security Manager veto.

Changeset: a7e143b4fe395baeda297ea96ef39921ea7f5a5d

Changed May 07, 2012 02:34PM UTC by Scott González comment:18

Effects: Check for anonymous content being exposed via document.activeElement. Fixes #8288 - Regression: jquery-ui animations focus fix causes Firefox Security Manager veto.

(cherry picked from commit a7e143b4fe395baeda297ea96ef39921ea7f5a5d)



Changeset: b676d5956137d8bc35087e3160813a025be436d0

Changed May 07, 2012 02:34PM UTC by scottgonzalez comment:19