Ubuntu
firefox-3.0 package

BASE HREF not taken into account in <APPLET> CODEBASE attribute

Bug #409329 reported by marcel
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
firefox-3.0 (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

Binary package hint: firefox-3.0

* System info:
linux: 64bit amd linux 2.6.27-14 Ubuntu 8.10
firefox package: 3.0.13+nobinonly-0ubuntu0.8.10.1

* Problem description:
Relative URLs are correctly interpreted with BASE taken into account, but not for APPLET. for instance with a page (with url http://localhost:8080/idm71/account/page.html) and containing BASE and APPLET tags as described further, the codebase will be expanded to (WHAT HAPPENS)

http://localhost:8080/idm71/account/applet/

while it should be following instead (WHAT IS EXPECTED TO HAPPEN):

http://localhost:8080/idm71/applet/

<BASE href="http://localhost:8080/idm71/">

<APPLET name='waveset.roles'
             codebase= 'applet/'
             archive='ms6.jar'
             code='com.waveset.ui.web.applet.multiselect.class'
             width='400'
             height='150'
             hspace='0'
             vspace='0'
             align='middle'
             alt='Roles'
             mayscript>
  <PARAM name="unselectedoption0" value="Citrix+Install">
  <PARAM name="unselectedoption1" value="Oleron+Project">
  <PARAM name="unselectedoption2" value="SAP+HR+Integration">
  <PARAM name="selectedtitle" value="Current Roles">
  <PARAM name="unselectedtitle" value="Available Roles">
  <PARAM name="OnAnyMoveJavaScript" value="submitCommandAndYallComeBack(\'waveset.roles\', document.mainform, \'Recalculate\');">
</APPLET>

(Strange is that the problem does not occur on 32bit linux? Tried it some time ago with Firefox 3.0.10 I guess.)

Thanks!

ProblemType: Bug
Architecture: amd64
DistroRelease: Ubuntu 8.10
NonfreeKernelModules: fglrx
Package: firefox-3.0 3.0.13+nobinonly-0ubuntu0.8.10.1
ProcEnviron:
 PATH=.:/opt/java/jdk/bin:/opt/software/java/netbeans/bin:/work/opt/openoffice.org3/program:/home/username/bin:/opt/software/java/OpenDS/bin:/home/username/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: firefox-3.0
Uname: Linux 2.6.27-14-generic x86_64

Tags: apport-bug
Revision history for this message
marcel (marcel-snijkers) wrote :
Revision history for this message
Micah Gersten (micahg) wrote :

Thank you for reporting this to Ubuntu. Unfortunately, that usage is not allowed per the HTML4 spec:
http://www.w3.org/TR/html401/struct/objects.html#h-13.4

"codebase = uri [CT]
    This attribute specifies the base URI for the applet. If this attribute is not specified, then it defaults the same base URI as for the current document. Values for this attribute may only refer to subdirectories of the directory containing the current document. Note. While the restriction on subdirectories is a departure from common practice and the HTML 3.2 specification, the HTML Working Group has chosen to leave the restriction in this version of the specification for security reasons."

Changed in firefox-3.0 (Ubuntu):
status: New → Invalid
Revision history for this message
marcel (marcel-snijkers) wrote :

Seems fair enough. Thanks for you comment.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.