17042 2008-01-27 23:06:47 -0800 <form> tags used without action attribute but with a <base> tag 2008-02-06 14:29:16 -0800 1 1 1 Unclassified WebKit Forms 523.x (Safari 3) Mac OS X 10.5 VERIFIED FIXED P2 Normal --- 1 rsesek webkit-unassigned ap oldest_to_newest 68423 0 rsesek 2008-01-27 23:06:47 -0800 When a HTML document has <base> tag, all relative URIs should be resolved in regards to that (as per the W3 spec on the matter: http://www.w3.org/TR/html401/struct/links.html#h-12.4). However, the handling of <form> elements without an "action" attribute is incorrect (when using Firefox and the HTML spec as references). If you were to use a <form> tag without an action attribute alongside a <base> tag, then the form will submit to *only* to the href of the <base> tag. Normally, when a <form> tag does not have an action attribute and a <base> tag is not present, the form submits to the originating page. Thus, the logical behavior should be as follows: when a <form> tag does not have an action attribute and a <base> tag is present, then the form should submit to the href of the <base> tag concatenated by the originating page. Example: Base Tag: http://example.com/base/ Originating page: foo.php Current implementation would submit to: http://example.com/base/ Fixing this bug would result in submitting to: http://example.com/base/foo.php 68424 1 18734 rsesek 2008-01-27 23:07:41 -0800 Created attachment 18734 Testcase 68457 2 ap 2008-01-28 09:56:14 -0800 Both Firefox 2.0.0.9 and IE7 seem to ignore base URI when submitting this form (and submit to <http://bugs.webkit.org/attachment.cgi?submit=Submit+The+Form>). Are you seeing different results? Does this issue affect any actual sites? This would make it more important, of course. Confirming as a difference with IE and Firefox, but I'm not sure what behavior would be best. 68469 3 rsesek 2008-01-28 11:42:03 -0800 The only site that I've experienced this issue on is the internal website we use at my job, so the criticality of it is very low (as far as I can tell). As for the behavior, logically I think it makes the most sense to submit to (from the attachment): http://localhost/foo/zoo/base/attachment.cgi?submit=Submit+The+Form The reasoning: you take the <base> because all relative URIs should be resolved from that. Then concatenate the originating page's basename (in this case attachment.cgi) because when <form>s do not have an action attribute, it submits to the originating page. However, this would probably break away from the implementation of IE and FF, so perhaps just submitting to the full URL of the originating page is the best way to do it. 68471 4 18741 rsesek 2008-01-28 12:23:26 -0800 Created attachment 18741 Patch using FF and IE implementation Here's a patch that would implement the Firefox and IE behavior. 68832 5 18741 darin 2008-01-30 12:46:25 -0800 Comment on attachment 18741 Patch using FF and IE implementation Thanks for contributing this fix! The code change looks OK to me, but we need a regression test. That's the policy for the WebKit project -- we require a test for any bug we fix. The LayoutTests/fast/forms directory has lots of form tests. You can probably start with one of those to make a test. For example, empty-get.html. 68890 6 18808 rsesek 2008-01-30 21:44:22 -0800 Created attachment 18808 Patch, take 2 Sorry about not submitting the test, I'm not familiar with the procedure. I have updated the patch to include a layout test for this bug. 68939 7 18808 darin 2008-01-31 10:47:06 -0800 Comment on attachment 18808 Patch, take 2 r=me 69426 8 mrowe 2008-02-04 21:34:46 -0800 Landed in r29989. Thanks for the patch! 18734 2008-01-27 23:07:41 -0800 2008-01-27 23:07:41 -0800 Testcase testcase.html text/html 330 rsesek PGh0bWw+CjxoZWFkPgoJPGJhc2UgaHJlZj0iaHR0cDovL2xvY2FsaG9zdC9mb28vem9vL2Jhc2Uv IiAvPgoJPHRpdGxlPldlYktpdCBUZXN0IENhc2UgZm9yICMxNzA0MjwvdGl0bGU+CgkKPC9oZWFk PgoKPGJvZHk+CgkKCTxhIGhyZWY9ImxpbmtwYWdlLmh0bWwiPlRoaXMgaXMgYSBsaW5rIHRoYXQg c2hvdWxkIHVzZSBhIGJhc2UgdGFnLjwvYT4KCQoJPGZvcm0gbWV0aG9kPSJnZXQiPgoJCQoJCTxp bnB1dCB0eXBlPSJzdWJtaXQiIG5hbWU9InN1Ym1pdCIgdmFsdWU9IlN1Ym1pdCBUaGUgRm9ybSIg aWQ9InN1Ym1pdCIgLz4KCQkKCTwvZm9ybT4KCgo8L2JvZHk+CjwvaHRtbD4K 18741 2008-01-28 12:23:26 -0800 2008-01-30 21:44:22 -0800 Patch using FF and IE implementation patch.diff text/plain 1170 rsesek SW5kZXg6IFdlYkNvcmUvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUvQ2hhbmdlTG9n CShyZXZpc2lvbiAyOTgzNCkKKysrIFdlYkNvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBA IC0xLDMgKzEsMTMgQEAKKzIwMDgtMDEtMjggIFJvYmVydCBTZXNlayAgPHJzZXNla0BibHVlc3Rh dGljLm9yZz4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAg ICBGaXggaHR0cDovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTcwNDIKKyAgICAg ICAgZm9ybXMgd2l0aG91dCBhY3Rpb24gYXR0cmlidXRlcyBzdWJtaXQgdG8gdGhlIDxiYXNlPiBo cmVmIGluc3RlYWQgb2YgdGhlIG9yaWdpbmF0aW5nIHBhZ2UKKworICAgICAgICAqIGh0bWwvSFRN TEZvcm1FbGVtZW50LmNwcDoKKyAgICAgICAgKFdlYkNvcmU6OkhUTUxGb3JtRWxlbWVudDo6c3Vi bWl0KTogU3VibWl0IHRvIG9yaWdpbiBpZiB0aGVyZSBpcyBubyBhY3Rpb24KKwogMjAwOC0wMS0y OCAgRGFuIEJlcm5zdGVpbiAgPG1pdHpAYXBwbGUuY29tPgogCiAgICAgICAgIFJldmlld2VkIGJ5 IERhcmluIEFkbGVyLgpJbmRleDogV2ViQ29yZS9odG1sL0hUTUxGb3JtRWxlbWVudC5jcHAKPT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PQotLS0gV2ViQ29yZS9odG1sL0hUTUxGb3JtRWxlbWVudC5jcHAJKHJldmlzaW9uIDI5 ODI3KQorKysgV2ViQ29yZS9odG1sL0hUTUxGb3JtRWxlbWVudC5jcHAJKHdvcmtpbmcgY29weSkK QEAgLTQ4MCw2ICs0ODAsOSBAQCB2b2lkIEhUTUxGb3JtRWxlbWVudDo6c3VibWl0KEV2ZW50KiBl dmVuCiAKICAgICBpZiAobmVlZEJ1dHRvbkFjdGl2YXRpb24gJiYgZmlyc3RTdWNjZXNzZnVsU3Vi bWl0QnV0dG9uKQogICAgICAgICBmaXJzdFN1Y2Nlc3NmdWxTdWJtaXRCdXR0b24tPnNldEFjdGl2 YXRlZFN1Ym1pdCh0cnVlKTsKKyAgICAKKyAgICBpZiAoIW1fdXJsKQorICAgICAgICBtX3VybCA9 IGRvY3VtZW50KCktPnVybCgpOwogCiAgICAgaWYgKG1fcG9zdCkgewogICAgICAgICBpZiAobV9t dWx0aXBhcnQgJiYgaXNNYWlsdG9Gb3JtKCkpIHsK 18808 2008-01-30 21:44:22 -0800 2008-01-31 10:47:06 -0800 Patch, take 2 patch2.diff text/plain 3426 rsesek SW5kZXg6IFdlYkNvcmUvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUvQ2hhbmdlTG9n CShyZXZpc2lvbiAyOTg4MikKKysrIFdlYkNvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBA IC0xLDMgKzEsMTUgQEAKKzIwMDgtMDEtMzAgIFJvYmVydCBTZXNlayAgPHJzZXNla0BibHVlc3Rh dGljLm9yZz4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAg ICBGaXggaHR0cDovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTcwNDIKKyAgICAg ICAgZm9ybXMgd2l0aG91dCBhY3Rpb24gYXR0cmlidXRlcyBzdWJtaXQgdG8gdGhlIDxiYXNlPiBo cmVmIGluc3RlYWQgb2YgdGhlIG9yaWdpbmF0aW5nIHBhZ2UKKworICAgICAgICBUZXN0OiBmYXN0 L2Zvcm1zL21pc3NpbmctYWN0aW9uLmh0bWwKKworICAgICAgICAqIGh0bWwvSFRNTEZvcm1FbGVt ZW50LmNwcDoKKyAgICAgICAgKFdlYkNvcmU6OkhUTUxGb3JtRWxlbWVudDo6c3VibWl0KTogU3Vi bWl0IHRvIG9yaWdpbiBpZiB0aGVyZSBpcyBubyBhY3Rpb24KKwogMjAwOC0wMS0zMCAgRGFyaW4g QWRsZXIgIDxkYXJpbkBhcHBsZS5jb20+CiAKICAgICAgICAgUmV2aWV3ZWQgYnkgVGltIEhhdGNo ZXIuCkluZGV4OiBXZWJDb3JlL2h0bWwvSFRNTEZvcm1FbGVtZW50LmNwcAo9PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0t LSBXZWJDb3JlL2h0bWwvSFRNTEZvcm1FbGVtZW50LmNwcAkocmV2aXNpb24gMjk4NzIpCisrKyBX ZWJDb3JlL2h0bWwvSFRNTEZvcm1FbGVtZW50LmNwcAkod29ya2luZyBjb3B5KQpAQCAtNDgwLDYg KzQ4MCw5IEBAIHZvaWQgSFRNTEZvcm1FbGVtZW50OjpzdWJtaXQoRXZlbnQqIGV2ZW4KIAogICAg IGlmIChuZWVkQnV0dG9uQWN0aXZhdGlvbiAmJiBmaXJzdFN1Y2Nlc3NmdWxTdWJtaXRCdXR0b24p CiAgICAgICAgIGZpcnN0U3VjY2Vzc2Z1bFN1Ym1pdEJ1dHRvbi0+c2V0QWN0aXZhdGVkU3VibWl0 KHRydWUpOworICAgIAorICAgIGlmICghbV91cmwpCisgICAgICAgIG1fdXJsID0gZG9jdW1lbnQo KS0+dXJsKCk7CiAKICAgICBpZiAobV9wb3N0KSB7CiAgICAgICAgIGlmIChtX211bHRpcGFydCAm JiBpc01haWx0b0Zvcm0oKSkgewpJbmRleDogTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCj09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT0KLS0tIExheW91dFRlc3RzL0NoYW5nZUxvZwkocmV2aXNpb24gMjk4ODIpCisrKyBMYXlvdXRU ZXN0cy9DaGFuZ2VMb2cJKHdvcmtpbmcgY29weSkKQEAgLTEsMyArMSwxMyBAQAorMjAwOC0wMS0z MCAgUm9iZXJ0IFNlc2VrICA8cnNlc2VrQGJsdWVzdGF0aWMub3JnPgorCisgICAgICAgIFJldmll d2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIFRlc3QgZm9yIEZpeCBodHRwOi8vYnVn cy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xNzA0MgorICAgICAgICBmb3JtcyB3aXRob3V0 IGFjdGlvbiBhdHRyaWJ1dGVzIHN1Ym1pdCB0byB0aGUgPGJhc2U+IGhyZWYgaW5zdGVhZCBvZiB0 aGUgb3JpZ2luYXRpbmcgcGFnZQorCisgICAgICAgICogZmFzdC9mb3Jtcy9taXNzaW5nLWFjdGlv bi1leHBlY3RlZC50eHQ6IEFkZGVkLgorICAgICAgICAqIGZhc3QvZm9ybXMvbWlzc2luZy1hY3Rp b24uaHRtbDogQWRkZWQuCisKIDIwMDgtMDEtMzAgIEp1c3RpbiBHYXJjaWEgIDxqdXN0aW4uZ2Fy Y2lhQGFwcGxlLmNvbT4KIAogICAgICAgICBSZXZpZXdlZCBieSBEYXJpbiBBZGxlci4KSW5kZXg6 IExheW91dFRlc3RzL2Zhc3QvZm9ybXMvbWlzc2luZy1hY3Rpb24tZXhwZWN0ZWQudHh0Cj09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT0KLS0tIExheW91dFRlc3RzL2Zhc3QvZm9ybXMvbWlzc2luZy1hY3Rpb24tZXhwZWN0ZWQu dHh0CShyZXZpc2lvbiAwKQorKysgTGF5b3V0VGVzdHMvZmFzdC9mb3Jtcy9taXNzaW5nLWFjdGlv bi1leHBlY3RlZC50eHQJKHJldmlzaW9uIDApCkBAIC0wLDAgKzEsNCBAQAorVGVzdCBmb3IgYnVn IDE3MDQyOiBGb3JtcyB3aXRob3V0IGFjdGlvbnMgYW5kIGEgYmFzZSB0YWcgc3VibWl0IGluY29y cmVjdGx5LgorCisKK1N1Y2Nlc3MKSW5kZXg6IExheW91dFRlc3RzL2Zhc3QvZm9ybXMvbWlzc2lu Zy1hY3Rpb24uaHRtbAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBMYXlvdXRUZXN0cy9mYXN0L2Zvcm1zL21pc3Np bmctYWN0aW9uLmh0bWwJKHJldmlzaW9uIDApCisrKyBMYXlvdXRUZXN0cy9mYXN0L2Zvcm1zL21p c3NpbmctYWN0aW9uLmh0bWwJKHJldmlzaW9uIDApCkBAIC0wLDAgKzEsMzYgQEAKKzxodG1sPgor PGJhc2UgaHJlZj0iaHR0cDovL3d3dy5leGFtcGxlLmNvbS9mYWlsdXJlLyI+Cis8aGVhZD4KKzx0 aXRsZT5TdWJtaXR0aW5nIGZvcm1zIHdpdGggbm8gYWN0aW9uIGF0dHJpYnV0ZTwvdGl0bGU+Cis8 L2hlYWQ+Cis8Ym9keT4KKzxwPlRlc3QgZm9yIDxhIGhyZWY9Imh0dHA6Ly9idWdzLndlYmtpdC5v cmcvc2hvd19idWcuY2dpP2lkPTE3MDQyIj5idWcgMTcwNDI8L2E+OiBGb3JtcyB3aXRob3V0IGFj dGlvbnMgYW5kIGEgYmFzZSB0YWcgc3VibWl0IGluY29ycmVjdGx5LjwvcD4KKworPGZvcm0gbmFt ZT0iZiIgbWV0aG9kPSJnZXQiPgorPGlucHV0IHR5cGU9InN1Ym1pdCIgdmFsdWU9IlRlc3QiLz4K KzwvZm9ybT4KKworPHNjcmlwdD4KK2lmICh3aW5kb3cubGF5b3V0VGVzdENvbnRyb2xsZXIpIHsK KyAgICBsYXlvdXRUZXN0Q29udHJvbGxlci5kdW1wQXNUZXh0KCk7CisgICAgbGF5b3V0VGVzdENv bnRyb2xsZXIud2FpdFVudGlsRG9uZSgpOworfQorCitpZiAoZG9jdW1lbnQuVVJMLmluZGV4T2Yo Jz8nKSA9PSAtMSkgeworCisgICAgZG9jdW1lbnQuZi5zdWJtaXQoKTsKKworfSBlbHNlIHsKKyAg ICAKKyAgICBpZiAodW5lc2NhcGUoZG9jdW1lbnQuVVJMLnN1YnN0cmluZyhkb2N1bWVudC5VUkwu aW5kZXhPZignPycpKzEsIGRvY3VtZW50LlVSTC5sZW5ndGgpKSA9PSAiIikKKyAgICAgICAgZG9j dW1lbnQud3JpdGUoIjxwPlN1Y2Nlc3M8L3A+Iik7CisgICAgZWxzZQorICAgICAgICBkb2N1bWVu dC53cml0ZSgiPHA+RmFpbHVyZTwvcD4iKTsKKyAgICAKKyAgICBpZiAod2luZG93LmxheW91dFRl c3RDb250cm9sbGVyKQorICAgICAgICBsYXlvdXRUZXN0Q29udHJvbGxlci5ub3RpZnlEb25lKCk7 Cit9CisKKzwvc2NyaXB0PgorPC9ib2R5PgorPC9odG1sPgpcIE5vIG5ld2xpbmUgYXQgZW5kIG9m IGZpbGUK