Steps to reproduce
- Open Edge 42.17134 (latest) on Windows 10
- Load a form with a select menu with the option values omitted
- Submit the form
Randomly, but with high probability, an extra character that is not part of the option’s text content will be appended to the value using during form submission. The seems to indicate that the value is reading past the bounds of the memory allocated for the option’s text content.
We have a growing number of Edge users who are generating errors on our site due to junk characters being added at the end of option values. The issue started at different times for each of user over the past week. The user agent strings in our logs indicate that the errors starting for a user correlates to the user upgrading from Edge 41.16299 to 42.17134.
Comments and activity
I confirm the above bug. My example is when the option has no value attribute a random character is appended to the submitted value:
Randomly, the value of the select is submitted with “00” followed by another unexpected character!
My example code got clobbered by this fantastic submission form. Let’s try again…
Form submits with value “00o” or “00r” or some other random character after the proper value.
I’m hitting this too. I think this is the same issue as https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/17358578/
I am pretty confident this is a duplicate of #17358578. Thanks for finding that Dan. It would be nice if someone could update the title of that issue. When I was searching for existing issues the “Windows 10 1803” and “ASP” references caused me to ignore it.
Any update on when this is going to be fixed? Can they stop pushing out this update in the meantime. This is a very serious bug that is destroying data.
- Microsoft Edge Team
Changed Assigned To to “Steven K.”
Changed Title from “Empty Option Value Memory Bug” to “HTTP Post of form data adding extra character - Empty Option Value Memory Bug”
I believe this is the same issue as a couple others we have in our system. The issue only occurs when an HTTP POST is used for a form’s option data. Let me know if anyone disagrees.
Here are the two open issues right now. I believe those two are the same as well.
- Microsoft Edge Team
Changed Status to “Duplicate”
This bug has marked as duplicate. Please follow the parent issue to get new updates.