Bug#792331: iceweasel: <meta> encoding specification not taken into account past 1024 bytes in POST results

Celelibi celelibi at gmail.com
Tue Jul 14 02:12:17 UTC 2015 

Package: iceweasel
Version: 38.1.0esr-2
Severity: normal

Dear maintainer,

The bug here is kinda specific and weird, but a test-case is attached. I
apollogise if I don't use the latest version. But this bug has been
there for a while, and it's unlikely to fix itself.

Here is the setup:
- The server send a html content with the header:
	Content-Type: text/html
- No encoding specified in the Content-Type header
- This html content is encoded using UTF-8
- The html contains a <meta> tag specifying the encoding as UTF-8
- This <meta> tag is paste the first 1024 bytes

Triggering the bug:
- Retrive a html page with a GET request and the afformentioned setup,
  and the charset is detected as UTF-8
- Retrive the same page with a POST request and the afformentioned
  setup, and the charset is detected as windows-1252

I know HTML5 specify that any encoding specification should lie in
completely in the first 1024 bytes, but it's not the case for any
previous (X)HTML specifications. In any case, this difference in
behavior between a GET and POST request is really puzzling. As far as I
tested, it happens both in strict mode (tested with xhtml 1.1 page) and
in quirk mode.


Here I join a test-case that includes a line of php to ensure the right
Content-Type header is sent, a large block of comment to put the <meta>
tag after the 1024 first bytes, an UTF-8 accented letter, a form with a
POST method.

The size of the comment block is so that removing one byte make the bug
go away.

Best regards,
Celelibi


-- Package-specific info:

-- Extensions information
Name: Adblock Plus
Location: ${PROFILE_EXTENSIONS}/{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
Status: enabled

Name: Comment labels greasemonkey-user-script
Status: enabled

Name: Cookies Manager+
Location: ${PROFILE_EXTENSIONS}/{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
Status: enabled

Name: Default theme
Location: /usr/lib/iceweasel/browser/extensions/{972ce4c6-7e08-4474-a285-3208198ce6fd}
Package: iceweasel
Status: enabled

Name: Dictionnaire français «Classique & Réforme 1990»
Location: ${PROFILE_EXTENSIONS}/fr-classique-reforme1990 at dictionaries.addons.mozilla.org
Status: enabled

Name: DOM Inspector
Location: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/inspector at mozilla.org
Package: xul-ext-dom-inspector
Status: enabled

Name: Element Hiding Helper pour Adblock Plus
Location: ${PROFILE_EXTENSIONS}/elemhidehelper at adblockplus.org.xpi
Status: enabled

Name: En-têtes HTTP en direct
Location: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
Package: xul-ext-livehttpheaders
Status: enabled

Name: Firebug
Location: ${PROFILE_EXTENSIONS}/firebug at software.joehewitt.com.xpi
Status: enabled

Name: Google Similar Images
Location: ${PROFILE_EXTENSIONS}/nishan.naseer.googimagesearch at gmail.com.xpi
Status: enabled

Name: Greasemonkey
Location: ${PROFILE_EXTENSIONS}/{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
Status: enabled

Name: It's All Text!
Location: ${PROFILE_EXTENSIONS}/itsalltext at docwhat.gerf.org
Status: enabled

Name: Modify Headers
Location: ${PROFILE_EXTENSIONS}/{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi
Status: enabled

Name: Mouse Gestures Redox
Location: ${PROFILE_EXTENSIONS}/{FFA36170-80B1-4535-B0E3-A4569E497DD0}
Status: enabled

Name: NoScript
Location: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{73a6fe31-595d-460b-a920-fcc0f8843232}
Package: xul-ext-noscript
Status: enabled

Name: Tab Mix Plus
Location: ${PROFILE_EXTENSIONS}/{dc572301-7619-498c-a57d-39143191b318}.xpi
Status: enabled

Name: Tamper Data
Location: ${PROFILE_EXTENSIONS}/{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi
Status: enabled

Name: TinEye Reverse Image Search
Location: ${PROFILE_EXTENSIONS}/tineye at ideeinc.com.xpi
Status: enabled

Name: User Agent Switcher
Location: ${PROFILE_EXTENSIONS}/{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi
Status: enabled

Name: Video DownloadHelper
Location: ${PROFILE_EXTENSIONS}/{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi
Status: user-disabled

Name: Web Developer
Location: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{c45c406e-ab73-11d8-be73-000a95be3b12}
Package: xul-ext-webdeveloper
Status: enabled

-- Plugins information
Name: Java(TM) Plug-in 1.6.0_26
Location: /usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/i386/libnpjp2.so
Package: sun-java6-bin
Status: disabled

Name: Shockwave Flash (11.2.202.425)
Location: /usr/lib/flashplugin-nonfree/libflashplayer.so
Status: enabled


-- Addons package information
ii  iceweasel      38.1.0esr-2  i386         Web browser based on Firefox
ii  sun-java6-bin  6.26-0squeez i386         Sun Java(TM) Runtime Environment 
ii  xul-ext-dom-in 1:2.0.15-2   all          tool for inspecting the DOM of we
ii  xul-ext-liveht 0.17-4       all          add information about HTTP header
ii  xul-ext-noscri 2.6.9.29-1   all          permissions manager for Iceweasel
ii  xul-ext-webdev 1.2.5+repack all          web developer extension

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (x86_64)

Kernel: Linux 3.10.11 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: sysvinit (via /sbin/init)

Versions of packages iceweasel depends on:
ii  debianutils               4.5.1
ii  fontconfig                2.11.0-6.3
ii  libasound2                1.0.29-1
ii  libatk1.0-0               2.16.0-2
ii  libc6                     2.19-18
ii  libcairo2                 1.14.2-2
ii  libdbus-1-3               1.8.18-1
ii  libdbus-glib-1-2          0.102-1
ii  libevent-2.0-5            2.0.21-stable-2
ii  libffi6                   3.1-2+b2
ii  libfontconfig1            2.11.0-6.3
ii  libfreetype6              2.5.2-4
ii  libgcc1                   1:5.1.1-12
ii  libgdk-pixbuf2.0-0        2.31.4-2
ii  libglib2.0-0              2.42.1-1
ii  libgtk2.0-0               2.24.28-1
ii  libhunspell-1.3-0         1.3.3-3
ii  libnspr4                  2:4.10.8-2
ii  libnss3                   2:3.19.2-1
ii  libpango-1.0-0            1.36.8-3
ii  libsqlite3-0              3.8.10.2-1
ii  libstartup-notification0  0.12-4
ii  libstdc++6                5.1.1-12
ii  libvpx2                   1.4.0-4
ii  libx11-6                  2:1.6.3-1
ii  libxcomposite1            1:0.4.4-1
ii  libxdamage1               1:1.1.4-2+b1
ii  libxext6                  2:1.3.3-1
ii  libxfixes3                1:5.0.1-2+b2
ii  libxrender1               1:0.9.8-1+b1
ii  libxt6                    1:1.1.4-1+b1
ii  procps                    2:3.3.9-9
ii  zlib1g                    1:1.2.8.dfsg-2+b1

Versions of packages iceweasel recommends:
pn  gstreamer1.0-libav         <none>
pn  gstreamer1.0-plugins-good  <none>

Versions of packages iceweasel suggests:
pn  fonts-mathjax          <none>
ii  fonts-oflb-asana-math  000.907-6
ii  fonts-stix [otf-stix]  1.1.1-3
ii  libcanberra0           0.30-2.1
pn  libgnomeui-0           <none>
ii  libgssapi-krb5-2       1.12.1+dfsg-20
pn  mozplugger             <none>

-- Configuration Files:
/etc/iceweasel/iceweaselrc a7f1bcffd6febdb02e86652a60ebfd16 [Errno 2] Aucun fichier ou dossier de ce type: u'/etc/iceweasel/iceweaselrc a7f1bcffd6febdb02e86652a60ebfd16'
/etc/iceweasel/profile/search.rdf 939dcfba9fa92f86bcacb487df9dede1 [Errno 2] Aucun fichier ou dossier de ce type: u'/etc/iceweasel/profile/search.rdf 939dcfba9fa92f86bcacb487df9dede1'

-- no debconf information
-------------- next part --------------
A non-text attachment was scrubbed...
Name: meta_encoding_post_1024.php
Type: text/x-php
Size: 1183 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-mozilla-maintainers/attachments/20150714/4f339945/attachment.bin>

More information about the pkg-mozilla-maintainers mailing list