Don't mind me…
Posted: Sun Jun 26, 2011 5:58 pm
Just want to test something:
InformAction Forums
NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/
Don't mind me…
Page 1 of 1
Re: Don't mind me…
Posted: Sun Jun 26, 2011 6:02 pm
Re: Don't mind me…
Posted: Sun Jun 26, 2011 6:08 pm
Well, https://bugzilla.mozilla.org/show_bug.cgi?id=619965 is not officially fixed yet but the audio apparently does not play in this case, that's interesting…
/edit: But on Opera it really does. Well, poor Opera users once public forums also start allowing SVGs to be embedded.
/edit: But on Opera it really does. Well, poor Opera users once public forums also start allowing SVGs to be embedded.
Re: Don't mind me…
Posted: Sun Jun 26, 2011 7:19 pm
Unless the domain it is hosted on is Allowed. Then it will play.the audio apparently does not play in this case
Re: Don't mind me…
Posted: Mon Jun 27, 2011 8:13 am
It does not play for me even on a vanilla Firefox (no NoScript).
Does it for you? (When embedded here, not when openend directly)
Does it for you? (When embedded here, not when openend directly)
Re: Don't mind me…
Posted: Mon Jun 27, 2011 2:14 pm
Yes, when the domain it is hosted on is Allowed, then it will play.right clock on the yellow box and click "View Image" and tell me whether the music plays?
Re: Don't mind me…
Posted: Mon Jun 27, 2011 2:27 pm
Error Console logs:
(Can't actually "hear" anything on the computer I'm on now - no sound. Don't know if I had gotten the same EC message yesterday?)
Code: Select all
Security Error: Content at https://bug619965.bugzilla.mozilla.org/attachment.cgi?id=498377 may not load data from https://bugzilla.mozilla.org/attachment.cgi?id=498376.
Re: Don't mind me…
Posted: Mon Jun 27, 2011 2:31 pm
So if I'm understanding, the SVG is only a "pointer", if you will, to another URI, which is the actual .ogg file?
svg-with-audio.svg:
svg-with-audio.svg:
Code: Select all
<svg xmlns="http://www.w3.org/2000/svg"
xmlns:html="http://www.w3.org/1999/xhtml"
width="260" height="30">
<html:audio src="https://bugzilla.mozilla.org/attachment.cgi?id=498376"
autoplay="true"/>
<!-- Descriptive label for the image: -->
<rect y="1" x="1" height="26" width="256"
style="fill: yellow; stroke-width: 2; stroke: black"/>
<text x="5" y="20">This SVG contains audio.</text>
</svg>
Code: Select all
06/27/2011 10:29:02 AM.750 Connecting to bugzilla.mozilla.org:443
06/27/2011 10:29:03 AM.031 Connecting to 63.245.217.60:443
06/27/2011 10:29:03 AM.125 Connected.
06/27/2011 10:29:03 AM.125 Establishing SSL session.
06/27/2011 10:29:03 AM.343 GET /attachment.cgi?id=498376 HTTP/1.1
06/27/2011 10:29:03 AM.343 Accept: */*
06/27/2011 10:29:03 AM.343 Referer: https://bugzilla.mozilla.org/attachment.cgi?id=498376
06/27/2011 10:29:03 AM.343 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
06/27/2011 10:29:03 AM.343 Host: bugzilla.mozilla.org
06/27/2011 10:29:03 AM.343 Connection: Keep-Alive
06/27/2011 10:29:03 AM.343 Pragma: no-cache
06/27/2011 10:29:03 AM.343 Cache-Control: no-cache
06/27/2011 10:29:03 AM.562 HTTP/1.1 302 Found
06/27/2011 10:29:03 AM.562 Date: Mon, 27 Jun 2011 14:29:02 GMT
06/27/2011 10:29:03 AM.562 Server: Apache
06/27/2011 10:29:03 AM.562 X-Backend-Server: pp-app-bugs02
06/27/2011 10:29:03 AM.562 Strict-transport-security: max-age=2629744; includeSubDomains
06/27/2011 10:29:03 AM.562 X-frame-options: SAMEORIGIN
06/27/2011 10:29:03 AM.562 Location: https://bug619965.bugzilla.mozilla.org/attachment.cgi?id=498376
06/27/2011 10:29:03 AM.562 Content-Length: 247
06/27/2011 10:29:03 AM.562 Keep-Alive: timeout=300, max=982
06/27/2011 10:29:03 AM.562 Connection: Keep-Alive
06/27/2011 10:29:03 AM.562 Content-Type: text/html; charset=iso-8859-1
06/27/2011 10:29:03 AM.562 Redirect to https://bug619965.bugzilla.mozilla.org/attachment.cgi?id=498376
06/27/2011 10:29:03 AM.578 Connecting to bug619965.bugzilla.mozilla.org:443
06/27/2011 10:29:03 AM.765 Connecting to 63.245.217.61:443
06/27/2011 10:29:03 AM.875 Connected.
06/27/2011 10:29:03 AM.875 Establishing SSL session.
06/27/2011 10:29:04 AM.093 GET /attachment.cgi?id=498376 HTTP/1.1
06/27/2011 10:29:04 AM.093 Accept: */*
06/27/2011 10:29:04 AM.093 Referer: https://bug619965.bugzilla.mozilla.org/attachment.cgi?id=498376
06/27/2011 10:29:04 AM.093 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
06/27/2011 10:29:04 AM.093 Host: bug619965.bugzilla.mozilla.org
06/27/2011 10:29:04 AM.093 Connection: Keep-Alive
06/27/2011 10:29:04 AM.093 Cookie: SSID_AMO=AwAQSykAAAAAF3dyTJngBgEEk7NLDABnB4BMAAAAAAAAAABnB4BMAQApAAAArwAAAAI; WT_FPC=id=25475ab2245a338ee441273225753373:lv=1306234754524:ss=1306234722012; SSRT=ZweATAE; dloadday=151.196.251.111.1300908761560965; wtspl=999365; __qca=P0-1572015391-1307631022123
06/27/2011 10:29:04 AM.093 Pragma: no-cache
06/27/2011 10:29:04 AM.093 Cache-Control: no-cache
06/27/2011 10:29:04 AM.359 HTTP/1.1 200 OK
06/27/2011 10:29:04 AM.359 Date: Mon, 27 Jun 2011 14:29:03 GMT
06/27/2011 10:29:04 AM.359 Server: Apache
06/27/2011 10:29:04 AM.359 X-content-type-options: nosniff
06/27/2011 10:29:04 AM.359 Content-disposition: inline; filename="narodilse.ogg"
06/27/2011 10:29:04 AM.359 X-Backend-Server: pp-app-bugs01
06/27/2011 10:29:04 AM.359 Content-length: 160927
06/27/2011 10:29:04 AM.359 Keep-Alive: timeout=300, max=1000
06/27/2011 10:29:04 AM.359 Connection: Keep-Alive
06/27/2011 10:29:04 AM.359 Content-Type: audio/ogg; name="narodilse.ogg"; charset=
06/27/2011 10:29:04 AM.375 Start receiving data.
06/27/2011 10:29:05 AM.296 Finished at 160927
Re: Don't mind me…
Posted: Mon Jun 27, 2011 3:38 pm
It plays for me on a vanilla Firefox.dhouwn wrote:It does not play for me even on a vanilla Firefox (no NoScript).
Does it for you? (When embedded here, not when openend directly)
Edit: but only when I right-click > View Image.
Re: Don't mind me…
Posted: Mon Jun 27, 2011 7:09 pm
Yepp, it does not work because it's hosted on Bugzilla (and Opera plays it because it does not support these control mechanisms), that's also why the zipped testcase was added to the bug report.therube wrote:Code: Select all
Security Error: Content at https://bug619965.bugzilla.mozilla.org/attachment.cgi?id=498377 may not load data from https://bugzilla.mozilla.org/attachment.cgi?id=498376.
But I believe I found a quirks with NoScript there I might report later.
That's not the interesting case, when openened as a top-level document anything in the SVG should run, media and scripts included. Embedding with <img> is the interesting case because people might not expect from an image that it plays music.Alan Baxter wrote:Edit: but only when I right-click > View Image.
Re: Don't mind me…
Posted: Mon Jun 27, 2011 7:19 pm
I can hear, I can hear! (Newly Installed Sound Card Crashes (Hangs) System)(Can't actually "hear" anything on the computer I'm on now - no sound.)
Re: Don't mind me…
Posted: Wed Nov 16, 2011 5:47 am
don't mind me.. i am just testing, too..dhouwn wrote:Just want to test something:
