Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Polyfill breaks websites on Pale Moon (XMLHTTPRequest?) #7

Closed
wolfbeast opened this issue Mar 22, 2019 · 6 comments · Fixed by #12
Closed

Polyfill breaks websites on Pale Moon (XMLHTTPRequest?) #7

wolfbeast opened this issue Mar 22, 2019 · 6 comments · Fixed by #12
Assignees
@JakeChampion

Comments

@wolfbeast
Copy link

Bug report

What

  • Misdetection of Pale Moon (and potentially other Firefox forks)
  • XMLHTTPRequest polyfill wrong, resulting in:
    TypeError: 'dispatchEvent' called on an object that does not implement interface EventTarget.

Details

I ran into this on PayPal of all places, breaking their web interface and preventing me from doing pretty much anything! This is a critical problem.
The console was spammed with the following types of errors:

18:55:39.359 TypeError: 'dispatchEvent' called on an object that does not implement interface EventTarget. 1 polyfill.js:6652:4
	XMLHttpRequest/nativeRequest.onreadystatechange https://cdn.polyfill.io/v3/polyfill.js:6652:4
	e.exports/n.onreadystatechange https://www.paypalobjects.com/web/res/*****/js/xhr-ads.min.js:1:17248
	e.exports/c.open https://www.paypalobjects.com/web/res/*****/js/xhr-ads.min.js:1:16760
	open https://cdn.polyfill.io/v3/polyfill.js:6692:3
	chatAsyncUtils/this.doGet https://www.paypal.com/smarthelp/js/minihelp/helpcenter-8ball-spark.js:410:7
	mountChat https://www.paypal.com/smarthelp/js/minihelp/helpcenter-8ball-spark.js:449:7
	helpcenter8ballSpark https://www.paypal.com/smarthelp/js/minihelp/helpcenter-8ball-spark.js:492:3
	<anonymous> https://www.paypal.com/smarthelp/js/minihelp/helpcenter-8ball-spark.js:23:11

And it would hang and block any action on their site.

A workaround was to feed polyfill.io an "official" Firefox useragent with a site-specific override:
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.9) Gecko/20100101 Firefox/60.9

Our normal Firefox-compat UA string does NOT work and makes the lib bork:
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.9) Gecko/20100101 Goanna/4.1 Firefox/60.9 PaleMoon/28.4.0
As an aside, we have 2 other UA modes our users may be using:

  • Native: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.9) Goanna/4.1 PaleMoon/28.4.0
  • Gecko compatibility: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.9) Gecko/20100101 Goanna/4.1 PaleMoon/28.4.0

Additional information

Why are you not doing feature detection and are you relying on UA sniffing instead? Why are you overwriting functions like XHR which already exist?
Or for that matter: why are you polyfilling anything if you don't recognize a UA?
@wolfbeast
Copy link
Author

FTR, this also affects Basilisk.
Image1

@JakeChampion
Copy link
Owner

@wolfbeast you're additional information section is incorrect. When we don't recognise a UA, we serve polyfills behind feature-detection by default. A website can override our default configuration if they wish and serve all polyfills to an unknown UA and not put them behind feature-detects, which is what it sounds like the website is doing.

If you can let us know the full polyfill.io URL that was used and post a small amount of code that reproduces the error, that would be very helpful in enabling us to resolve this issue.

@wolfbeast
Copy link
Author

wolfbeast commented May 15, 2019
edited

Why did you close this issue while requesting more information? It's clearly a problem (although we've been working around it for 2 months now...).
The URL is in the error message I quoted, including the line/column numbers:
https://cdn.polyfill.io/v3/polyfill.js:6652:4

I don't have a PoC because I'm not familiar with using your polyfill and I don't have time to sink into this right at this moment.

My post makes observations without knowing the internal workings of your polyfill. It's purely based on observations of behavior, and you ARE using UA sniffing or our workaround would not have worked.
See: https://github.com/MoonchildProductions/UXP/commit/8ca6744b2ff05ef91d74e950f387df63b0306925

@JakeChampion
Copy link
Owner

Yes, we use UA sniffing and if we detect a browser we do not support we then return a bundle which has feature detection built-in. But as I said, others website can configure our service as they please and it seems that is the case here, that they have configured our service to not return feature detects within the bundle.

We use the https://github.com/ua-parser/uap-core library for user-agent detection and we then attempt to normalise user-agents which are similar such as palemoon and firefox here.

I will reopen the issue and move it to https://github.com/Financial-Times/polyfill-useragent-normaliser as I believe that is where the real issue is.

@JakeChampion JakeChampion reopened this May 15, 2019
@JakeChampion JakeChampion transferred this issue from polyfillpolyfill/polyfill-service May 15, 2019
@wolfbeast
Copy link
Author

Apologies if I posted this in the wrong repository.
It does indeed seem that the normalization has a bug in that case, or at the very least needs to be made aware of UXP applications.

@JakeChampion
Copy link
Owner

Hmm, for this one I would imagine we would have to depend on the gecko compat UA string and remove the Goanna and PaleMoon section with a regex, similar to #9.

@JakeChampion JakeChampion self-assigned this Jun 28, 2019
@JakeChampion JakeChampion mentioned this issue Jul 3, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@JakeChampion JakeChampion

Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@JakeChampion @wolfbeast