HTTP Post of form data adding extra character - Empty Option Value Memory Bug

Duplicate Issue #17544525 • See Issue #17477791

Details

Author
Jared D.
Created
May 16, 2018
Privacy
This issue is public.
Found in
  • Microsoft Edge
Standard affected
- HTML | MDN

Duplicates
See progress on Bug #17477791
Found in build #
42.17134
Reports
Reported by 5 people

Sign in to watch or report this issue.

Steps to reproduce

  1. Open Edge 42.17134 (latest) on Windows 10
  2. Load a form with a select menu with the option values omitted
  3. Submit the form

Randomly, but with high probability, an extra character that is not part of the option’s text content will be appended to the value using during form submission. The seems to indicate that the value is reading past the bounds of the memory allocated for the option’s text content.

We have a growing number of Edge users who are generating errors on our site due to junk characters being added at the end of option values. The issue started at different times for each of user over the past week. The user agent strings in our logs indicate that the errors starting for a user correlates to the user upgrading from Edge 41.16299 to 42.17134.

Attachments

0 attachments

    Comments and activity

    • Upon closer inspection, we are setting the value of the option, but we are setting it to a number instead of a string in JavaScript. The value attribute not being shown in the DOM explorer caused me to assume it had no value.

    • Ignore that last comment. The original description is correct. The value is omitted in the page’s HTML, not in options generated by JavaScript. Sorry for the noise.

    • I confirm the above bug. My example is when the option has no value attribute a random character is appended to the submitted value:

      00

      Randomly, the value of the select is submitted with “00” followed by another unexpected character!

    • My example code got clobbered by this fantastic submission form. Let’s try again…

      <select name="foo">
      <option>00</option>

      Form submits with value “00o” or “00r” or some other random character after the proper value.

    • I’m hitting this too. I think this is the same issue as https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/17358578/

    • We were able to patch the templates to explicitly supply a value to avoid hitting this bug, but we are running into a different use of the option tag that is hitting this error now. We are creating new options with javascript, setting their text content, then setting their values. FWIW the values are strings, but they are only digits just like the previous options we patches. I am having a hard time reproducing it locally and we are getting a very low volume of customers hitting this one, so it may just happen with a much lower probability. Without being able to reproduce it consistently, we can’t develop a fix. We are currently requiring customers that hit this to switch to an alternate browser.

    • I am pretty confident this is a duplicate of #17358578. Thanks for finding that Dan. It would be nice if someone could update the title of that issue. When I was searching for existing issues the “Windows 10 1803” and “ASP” references caused me to ignore it.

    • Any update on when this is going to be fixed? Can they stop pushing out this update in the meantime. This is a very serious bug that is destroying data.

    • Microsoft Edge Team

      Changed Assigned To to “Steven K.”

      Changed Title from “Empty Option Value Memory Bug” to “HTTP Post of form data adding extra character - Empty Option Value Memory Bug”

    • Hello all,

      I believe this is the same issue as a couple others we have in our system.  The issue only occurs when an HTTP POST is used for a form’s option data.  Let me know if anyone disagrees.

      Here are the two open issues right now.  I believe those two are the same as well.

      https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/17477791/
      https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/17358578/

      Steve

    • Microsoft Edge Team

      Changed Status to “Duplicate”

    • This bug has marked as duplicate. Please follow the parent issue to get new updates.

    You need to sign in to your Microsoft account to add a comment.

    Sign in