Bug 134791 - Amazon.com product pages: redirect to ad (javascript:location.replace)
Status: RESOLVED FIXED
Alias: None
Product: konqueror
Classification: Applications
Component: khtml
Version: unspecified
Platform: Gentoo Packages Linux
Importance: NOR major
Target Milestone: ---
Assignee: Konqueror Developers
Reported: 2006-09-28 17:07 UTC by Chase Venters
Modified: 2006-09-30 16:35 UTC

Description Chase Venters 2006-09-28 17:07:51 UTC
Version:            (using KDE KDE 3.5.4)
Installed from:    Gentoo Packages
OS:                Linux

Visiting any product page on Amazon.com recently, I noticed that upon fully loading, I am getting redirected immediately to an advertisement, such as this URL:

http://ad.doubleclick.net/adi/amazon.pilot/;cid=3619312;sz=125x125;ord=2156?

I looked at the source code of the product page to see if I could determine what is going on, and I think I know a likely culprit. They have an IFRAME:

<iframe marginheight="0" marginwidth="0" style="width:125px; height:125px;" height="125" width="125" src="javascript:location.replace('http://ad.doubleclick.net/adi/amazon.pilot/;cid=3619312;sz=125x125;ord='+Math.floor(Math.random()*10000)+'?')" scrolling="no" frameborder="0">

Now, in other browsers I've tested, that location.replace gets evaluated inside the iframe itself. But Konqueror appears to be evaluating it inside the surrounding frame. 

I'm not sure if the evaluation context is defined by a standard. I would suspect that the Konqueror behavior is more sensical; but apparently other browsers handle it differently. I have sent a nastygram to Amazon about this and am trying to get it pushed through the thick mud of thick customer service representatives in the hope it might eventually make it to someone with a clue, because I think that was a rather poor implementation choice on their part to begin with.

But I thought I'd report that here too in case that really is a problem with Konqueror.
Comment 1 Maksim Orlovich 2006-09-28 17:45:12 UTC
If we do it different from other browsers, it is our problem :-(

I think there was some thread on kfm-devel about it, I'll see if there is a way we can fix it quickly...
Comment 2 Maksim Orlovich 2006-09-28 18:09:37 UTC
Do you have an example URL of where this happens, BTW?
Comment 4 Maksim Orlovich 2006-09-28 23:30:02 UTC
Yep :-(. Wonder what subset of pages this affects, but sounds like a high-priority bug.
Comment 5 Chase Venters 2006-09-28 23:42:33 UTC
Please be advised that I lit a fire under Amazon's ass about using javascript:location.replace() in that way, so our live example may disappear sooner or later. I'll save a copy of the page off so that there is a reference in case I misjudged what the problem is.
Comment 6 Maksim Orlovich 2006-09-29 03:10:07 UTC
I have a start on it, but it's a very messy feature....

For example, the following are all possible, and behave as follows in other browsers:
<iframe src='javascript:"Foo"'>  --- writes 'Foo' in the new page
<iframe src='javascript:"Foo" + document.body.appendChild(document.createTextNode("bar"))'>  --- in Mozilla and Opera writes Foo[object Text], error about being unable to find body in IE
<iframe src='javascript:"Foo" + document.write("hi")'> --- 'hi' everywhere(!).

etc. So I don't yet have a good model of what's going on here...
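
The two evaluation contexts from the report, plus the string-result case listed in Comment 6, modelled with Node's `vm` module. This is an added example, not KHTML code and not part of any comment; `makeFrame`, `loadJavascriptSrc`, `demo` and the product page URL are constructed for illustration.

```javascript
const vm = require('vm');

// Constructed sample values: the iframe src is the one quoted in the report,
// the product page URL is a placeholder.
const PRODUCT_PAGE = 'http://www.example.com/product-page';
const AD_IFRAME_SRC = "javascript:location.replace('http://ad.doubleclick.net/adi/amazon.pilot/;cid=3619312;sz=125x125;ord='+Math.floor(Math.random()*10000)+'?')";

// Minimal stand-in for a frame: a URL, a document body, and its own JS global.
function makeFrame(href) {
  const frame = { href, body: '' };
  frame.context = vm.createContext({
    location: { replace(url) { frame.href = String(url); } },
    document: { write(text) { frame.body += String(text); } },
  });
  return frame;
}

// Load <iframe src="javascript:..."> inside `parent`.
// evalIn 'parent' = behaviour reported for Konqueror; 'child' = other browsers.
function loadJavascriptSrc(parent, src, evalIn) {
  const scheme = 'javascript:';
  if (src.slice(0, scheme.length).toLowerCase() !== scheme) {
    throw new Error('not a javascript: URL');
  }
  const child = makeFrame('about:blank');
  const code = decodeURIComponent(src.slice(scheme.length));
  const target = evalIn === 'parent' ? parent : child;
  const result = vm.runInContext(code, target.context);
  // A string result becomes the new content of the iframe's document.
  if (typeof result === 'string') child.body = result;
  return child;
}

// Returns where the top-level page and the iframe ended up after the load.
function demo(src, evalIn) {
  const parent = makeFrame(PRODUCT_PAGE);
  const child = loadJavascriptSrc(parent, src, evalIn);
  return { top: parent.href, iframe: child.href, iframeBody: child.body };
}

console.log(demo(AD_IFRAME_SRC, 'parent'));     // top-level page is replaced by the ad
console.log(demo(AD_IFRAME_SRC, 'child'));      // only the iframe navigates
console.log(demo('javascript:"Foo"', 'child')); // iframe document contains Foo
```
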



Comment 7 Maksim Orlovich 2006-09-30 16:35:32 UTC
SVN commit 590600 by orlovich:

Evaluate scripts in <iframe src=javascript:..> in the right context.
Affects amazon and freemail.hu
BUG:134791
BUG:106748



 M  +13 -6     khtml_part.cpp  


--- branches/KDE/3.5/kdelibs/khtml/khtml_part.cpp #590599:590600
@@ -4314,12 +4314,19 @@
   // Support for <frame src="javascript:string">
   if ( url.find( QString::fromLatin1( "javascript:" ), 0, false ) == 0 )
   {
-      QVariant res = executeScript( DOM::Node(frame->element()), KURL::decode_string( url.right( url.length() - 11) ) );
-      KURL myurl;
-      myurl.setProtocol("javascript");
-      if ( res.type() == QVariant::String )
-	myurl.setPath(res.asString());
-      return processObjectRequest(*it, myurl, QString("text/html") );
+    if ( processObjectRequest(*it, KURL("about:blank"), QString("text/html") ) ) {
+      KHTMLPart* p = static_cast<KHTMLPart*>(static_cast<KParts::ReadOnlyPart *>((*it)->m_part));
+      
+      // See if we want to replace content with javascript: output..
+      QVariant res = p->executeScript( DOM::Node(), KURL::decode_string( url.right( url.length() - 11) ) );
+      if ( res.type() == QVariant::String ) {
+        p->begin();
+        p->write( res.asString() );
+        p->end();
+      }
+      return true;
+    }
+    return false;
   }
   KURL u = url.isEmpty() ? KURL() : completeURL( url );
   return requestObject( *it, u );
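
Review bot: the static_cast chain on (*it)->m_part in the first added line inside the new if block is unchecked, and p is dereferenced straight away by p->executeScript(...). Nothing visible in this hunk guarantees that a successful processObjectRequest(*it, KURL("about:blank"), QString("text/html")) leaves m_part non-null and of type KHTMLPart, so I would guard it (a null check plus a type check such as inherits("KHTMLPart")) and return false when the guard fails. Since this path now runs page-supplied script inside a freshly created about:blank part and writes the string result into it with p->write(res.asString()), a short comment stating which origin that child document is expected to have would help later readers. Minor: the leading comment still mentions only <frame src="javascript:string">, and the added lines use a different indent depth from the removed ones.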