Closed
Bug 304833
Opened 19 years ago
Closed 19 years ago
help: doesn't work on linux (MacOS security issue)
Categories
(Core :: Networking, defect, P1)
Tracking
()
RESOLVED
FIXED
mozilla1.8beta4
People
(Reporter: clahey, Assigned: Biesinger)
References
()
Details
(Keywords: fixed1.8)
Attachments
(1 file)
1.08 KB,
patch
|
benjamin
:
review+
roc
:
superreview+
asa
:
approval1.8b4+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050715 Firefox/1.0.6 SUSE/1.0.6-8 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050715 Firefox/1.0.6 SUSE/1.0.6-8 help: was blacklisted because of a security hole on MacOS. However, on linux, help: is used in KDE and probably will be in gnome soon. Therefore, help: should only be blacklisted on MacOS. Reproducible: Always Steps to Reproduce: 1. Link to a help: uri. Actual Results: Doesn't show up as a link. Expected Results: Shown a link.
Reporter | ||
Updated•19 years ago
|
Component: OS Integration → Networking
Product: Firefox → Core
Version: unspecified → 1.7 Branch
Reporter | ||
Updated•19 years ago
|
Version: 1.7 Branch → Trunk
Assignee | ||
Comment 1•19 years ago
|
||
bug 243699 added this pref
Assignee: nobody → darin
Priority: -- → P1
QA Contact: os.integration → benc
Target Milestone: --- → mozilla1.8beta4
Assignee | ||
Comment 2•19 years ago
|
||
Assignee: darin → cbiesinger
Status: UNCONFIRMED → ASSIGNED
Attachment #192832 -
Flags: superreview?(dveditz)
Attachment #192832 -
Flags: review?(benjamin)
Updated•19 years ago
|
Attachment #192832 -
Flags: review?(benjamin) → review+
This particular symptom only happens in 1.7. In 1.8 and later, the situation is different because for a blocked protocol we still allow the URI to be created, we just assign it a "blocked" protocol handler. Although this could would be a problem if we want GNOME or KDE to be able to really load "help:" URLs from the browser via an external protocol handler. Do we? If we don't, or we only want help: URLs to work in particlar embedding applications, then I suggest we *not* use this fix. A particular embedding application could use a profile where this preference was explicitly set to true.
Assignee | ||
Comment 4•19 years ago
|
||
Comment on attachment 192832 [details] [diff] [review] patch dveditz is on vacation, switching sr request I think we still want this. For example, when browsing local documentation, it may want to link to a help file.
Attachment #192832 -
Flags: superreview?(dveditz) → superreview?(roc)
Comment on attachment 192832 [details] [diff] [review] patch ok. this is safe enough as far as we know.
Attachment #192832 -
Flags: superreview?(roc) → superreview+
Assignee | ||
Comment 6•19 years ago
|
||
Checking in modules/libpref/src/init/all.js; /cvsroot/mozilla/modules/libpref/src/init/all.js,v <-- all.js new revision: 3.589; previous revision: 3.588 done
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 7•19 years ago
|
||
Comment on attachment 192832 [details] [diff] [review] patch allows loading help: uris on non-macos systems; this should be safe since the security issue is only with help: uris on macos.
Attachment #192832 -
Flags: approval1.8b4?
Updated•19 years ago
|
Attachment #192832 -
Flags: approval1.8b4? → approval1.8b4+
Comment 8•19 years ago
|
||
approving but this would have been nice to have nominated earlier in the cycle.
Flags: blocking1.8b4+
Assignee | ||
Comment 9•19 years ago
|
||
sorry, this bug was only pointed out to me a week ago. MOZILLA_1_8_BRANCH: Checking in modules/libpref/src/init/all.js; /cvsroot/mozilla/modules/libpref/src/init/all.js,v <-- all.js new revision: 3.585.2.3; previous revision: 3.585.2.2 done
Keywords: fixed1.8
Comment 10•19 years ago
|
||
Can someone explain to me... what is the valid format of a help: URL? The big problem here is apple went and created a couple lame URL types for their OS. (Then again, Netscape probably was the originator of this bad practice)
You need to log in
before you can comment on or make changes to this bug.
Description
•