155102: Losing data with Firefox 3 and Opera 10 Alpha

It doesn’t really matter much these days which browser you are using. On the whole I find Opera less annoying to use than Firefox, and Opera additionally has some nice perks like better keyboard access and Opera Link.

Once in a while there are things that really make a difference. At the top of my list is that a browser should never lose my data. On the whole Opera is pretty good in this regard, but it has a huge gaping hole in its armour. If you type in text and the window is closed, you can restore the window but the text is lost. This is almost adding insult to injury, as you can see the empty space where the text you worked so hard at used to be. This excruciatingly horrible bug has a name, 155102, and has been known for a while now, but for a number of reasons it has taken time to fix.

The workaround is simple: Never put anything valuable directly into a textarea. I have used Notes, I have used mail compose windows, I have used external programs. They all have their disadvantages. Copy to note (Ctrl+Shift+C) is particularly convenient and very robust, but you end up with your notes full of half-written texts, and with Opera Link those texts are synchronised to every Opera client you have, which in my case is quite a few. Opera Mail and external programs often mangle whitespace. The biggest problem with all workarounds is that you don’t always know you’re going to write a long text, and the web page text entry boxes are alluringly convenient.

I am fairly active in the forums, and while I could do the workarounds above, or make sure to preview often, which usually does the trick, in practice I am too lazy to do either. So when I lost and had to retype a longer post yesterday, and lost another one today, I decided I couldn’t wait any longer, so I downloaded Firefox 3 and Opera 10 alpha. Firefox is reported to restore user-entered text, though when I tested it, it didn’t work. Maybe I have to find some particular extension. The bug isn’t fixed in 10 alpha either, so I am back to Opera 9, looking for a better way out. Suggestions would be appreciated.

The Masters of My Opera could add an AJAX-style JavaScript to automatically save the posts-in-writing, but those scripts are fairly intrusive and liable to fail with different browser configurations, as well as slowing things down. This really ought to be done by the web client, but none seem to do that now.

Join the Conversation

  1. there already is a script doing just that :) http://addedbytes-userscripts.googlecode.com/svn/trunk/auto_save_forms.user.js

  2. Hi, The userjs given by larskl is, as far as I am concerned, kind of an ugly way to do this. The idea is good, but using cookies to store the data is really not safe. Cookies mean that the data you write is available on the server side. That means that everything you write, and especially passwords (since the given script seems to be saving the passwords too), are available on the server side. Of course, it might not be the worst security hole to give your password to an administrator of the site you’re in but, you know, people tend to use the same password for a whole bunch of sites. Anyways, my point was: just activate file i/o for the userjs and the problem will be solved!
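The concern in this comment, as an added example (not the linked userscript's code, which is not reproduced here): a cookie is attached to every request to the site, so a draft saved in one reaches the server, while Web Storage stays in the browser. The sketch saves drafts to a Storage-like object and skips password and other credential fields; the function names, the `draft:` key prefix and the field descriptors are assumptions made for illustration.

```javascript
// Added example. Field descriptors mirror the DOM properties of form controls
// (name, type, autocomplete, value); all names here are illustrative.
const SENSITIVE_TYPES = new Set(["password", "hidden", "file"]);
const SENSITIVE_AUTOCOMPLETE = /^(off|current-password|new-password|one-time-code|cc-.*)$/;

function isSafeToSave(field) {
  if (!field.name) return false;
  if (SENSITIVE_TYPES.has((field.type || "text").toLowerCase())) return false;
  const tokens = (field.autocomplete || "").toLowerCase().split(/\s+/);
  return !tokens.some((t) => SENSITIVE_AUTOCOMPLETE.test(t));
}

// Keep only non-empty values from fields that are safe to persist.
function collectDraft(fields) {
  const draft = {};
  for (const f of fields) {
    if (isSafeToSave(f) && f.value !== "") draft[f.name] = f.value;
  }
  return draft;
}

// `storage` is any object with the Web Storage interface (localStorage in a
// browser). Unlike document.cookie, nothing written here is sent with requests.
function saveDraft(storage, pageUrl, fields) {
  const draft = collectDraft(fields);
  const key = "draft:" + pageUrl;
  if (Object.keys(draft).length === 0) { storage.removeItem(key); return null; }
  storage.setItem(key, JSON.stringify({ savedAt: Date.now(), draft }));
  return draft;
}

function loadDraft(storage, pageUrl) {
  const raw = storage.getItem("draft:" + pageUrl);
  if (raw === null) return null;
  try { return JSON.parse(raw).draft; } catch (e) { return null; }
}

// Browser wiring: snapshot the form controls on every input event.
if (typeof document !== "undefined") {
  document.addEventListener("input", () => {
    const fields = Array.from(document.querySelectorAll("input, textarea"))
      .map((el) => ({ name: el.name, type: el.type, autocomplete: el.autocomplete, value: el.value }));
    saveDraft(localStorage, location.origin + location.pathname, fields);
  });
}
```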

  3. A submitted password is not a secret, except to a third party. In theory the user can enter a password, change his mind, and then submit another password. If Opera crashes in the meantime, the server could access a password, or more likely a password draft, it wouldn’t otherwise have access to. This is however an unlikely scenario, so the security implications are slight. What you said about reuse of passwords is true, but irrespective of this script. People do reuse passwords, which allows harvesting of passwords. If people at blackhat.org want access to an account at whitehat.org, all they need to do is to make a site users of whitehat.org would be interested in, and then try the username-password combos on whitehat.org one by one. A little social engineering will make it more likely to harvest useful passwords. If once in a while blackhat.org sends a fake response that the password is invalid, the user is more likely to respond with a password used elsewhere. It might be possible to out the guys at blackhat.org by making fake users at a number of different sites, each with a unique long password. If someone later tries to log in at honeypot.org with that given password, the offending site can be tracked down, and possibly taken down (I don’t know the criminal status of harvesting passwords and using them). This is an inherent problem with passwords, not with the UserJS. A better way to solve the identification problem is to use a challenge/response approach. You might want to see my token message, soon to be updated using/extending the HTML5 keygen element. I use the UserJS, and it has saved my data, and I am grateful for that. It isn’t side-effect free however and it does have issues and limitations. This really should be a native functionality of the browser.
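The detection idea described in this comment, as an added example (not code from the comment or from any project): plant a unique random password at each site being watched, keep only a keyed hash of each, and when a login attempt at the honeypot presents one of them, the hash identifies the site that password was entered at. The class, method and field names are assumptions made for illustration.

```javascript
const nodeCrypto = require("node:crypto");

class CanaryRegistry {
  constructor(key = nodeCrypto.randomBytes(32)) {
    this.key = key;            // HMAC key; store it away from the honeypot's web tier
    this.bySite = new Map();   // hex tag -> site where that canary was planted
  }

  // Keyed hash, so the registry never holds a canary password in clear.
  tag(password) {
    return nodeCrypto.createHmac("sha256", this.key).update(password, "utf8").digest("hex");
  }

  // Create a long unique password for one site; it is returned once, to be
  // used when registering the fake account there.
  plant(site) {
    const password = nodeCrypto.randomBytes(24).toString("base64url");
    this.bySite.set(this.tag(password), site);
    return password;
  }

  // Called for each login attempt seen at the honeypot. Returns an alert, or
  // null when the password is not one of the planted canaries.
  check(attempt) {
    const site = this.bySite.get(this.tag(attempt.password));
    if (site === undefined) return null;
    return {
      leakedFrom: site,
      username: attempt.username,
      sourceIp: attempt.sourceIp,
      seenAt: attempt.time,
    };
  }
}

// Run a batch of honeypot login attempts through the registry.
function findLeaks(registry, attempts) {
  return attempts.map((a) => registry.check(a)).filter((alert) => alert !== null);
}
```

Because each canary is 24 random bytes, a match is not a guess: it means the password planted at that one site was replayed.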
