Remember extensions or the history of one bug

Prehistory

Once came to us in the mail the user's letter dissatisfied. “Your photos are not uploaded to my site,” the user said and attached a screenshot to the letter. In the screenshot there was a layer with a picture, and instead of a picture - trimming from the tag.

(on the left - for ordinary users, on the right - for the angry)

In those days, the download was made simply - through the form that is submitted in the iframe and then from there it takes a part of the file name from the answer in plain-text, with which you can get a link to the file already on our server. “Fashionable” loading via XmlHttpRequest2 and FormData was only in the plans.

Having broken my head for a while, I redid the creation of the image manually, and attribute it with setAttribute , instead of creating the element directly through plain-html. As it turned out much later, bestolku, but it does not matter - the user is tired of communicating with us, we could not reproduce ourselves (although we tried very hard) and put the problem off to the back, no one complained anymore.

Suddenly

After more than six months, when the download of the pictures was altered to a new way , with a progress bar and fashionable chips, the tester called me, who decided to write the download test in the old way, via iframe, on browsers that do not support XmlHttpRequest2 or FormData . I went up to him and saw the same thing that once sent us an angry user in the screenshot. Right here, in the browser, you can podebazhit, even played all the time!
')
I open FireBug, look at the result that has returned to the iframe and see that everything is ok, look in javascript and see that there is actually some enemy inside the iframe. Probably late, but it dawned on me and I went to disable the extensions and, one by one, check. Indeed, the case turned out to be in one of the extensions. And this option initially somehow did not even come to my mind, although at that time I had several extensions, one of which already had several thousand users. In the extension (I have no idea why) the author decided to insert in general all possible documents, his own special one.

Something like this (formatting is saved, the identifier is replaced in order not to identify the extension):

 if(!doc.body)return; if(doc.getElementById('xxx')) return; var tmp = doc.createElement("div"); tmp.setAttribute("style", "display:none"); tmp.setAttribute("id",'xxx'); (doc.body||doc.head[0]).appendChild(tmp); 

I didn’t even swear on the huge sheet of the scary extension code, but just smiled - the problem was so simple.

Repair Crutch

Do not write the same to the developer of the extension, especially since it is far from the only one that the enemy inserts into her everything that is possible, her trinkets. The old way of downloading files is used by us, although rarely, but it is used, so they fixed the whole thing on their side in such a fast way:

 var $source = $('<div />').html(iframeBodyContent), filename; $source.children().remove(); filename = $.trim($source.text()); 

Nested tags are cut out, only plain text remains, hooray! All work, all possible victims are satisfied.

Why did I even write it all here?

Extensions to browsers, both high-quality and not-so (such, alas, most), are becoming more and more. Most extensions brazenly crashes into your code and somehow modifies it. And they are not all equally useful. I was very lucky that the tester had that ill-fated plugin.

Be vigilant (there should be a smiley, but the stern UFO warned that you should not insert it here).