Closed
Bug 439238
Opened 16 years ago
Closed 16 years ago
Firefox doesn't include XSL file to the XML one located in a parent directory.
Categories
(Firefox :: General, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 397894
People
(Reporter: faw217, Unassigned)
References
()
Details
Attachments
(1 file)
|
586 bytes,
application/x-gzip
|
Details |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9) Gecko/2008052906 Firefox/3.0 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9) Gecko/2008052906 Firefox/3.0 When declaring a path to the XSL file, which is located in a parent directory, e.g. '<?xml-stylesheet type="text/xsl" href=".././modx.prosilver.en.xsl"?>', the Firefox ignores it and the XML file is just parsed as a normal XML file, not transformed by XSLT. Reproducible: Always Steps to Reproduce: 1. Make a XML file. 2. Include XSL file, which is located in parent directory by e.g. <?xml-stylesheet type="text/xsl" href="../../file.xsl"?>. 3. Run the document in Firefox. Actual Results: The content of a XML file was parsed and written down without any style. Expected Results: The XML file should have been transformed by XSLT, using included XSL file.
IMPORTANT: I've just made some tests and what I noticed is that the problem is occuring only when the XML file with XSL file are located on the PC HDD, so Firefox is browsing the files using file:// protocol. The problem doesn't occure browsing the web pages.
I just came across that very same behaviour and wanted to file a bug when i saw this :) - If you have a look in the error-console you'll notice that it's a security issue, Firefox does not load the stylesheet from a higher-level because of some weird security considerations. The funny thing is, if you create another file in the parent directory which contains a link to the file in the subdirectory, the document will be rendered correctly (the stylesheet will be loaded and applied to the document). Firefox2 and Opera do display the file in both situations correctly (once opened via link from the file in the parent-directory, once opened directly). IMHO that's a very paranoid settings, at least the user should be able to disable the behaviour (is their a configuration-setting for this?), best in the preferences-dialog (i suppose in "security") or firefox should ask for loading the external file (maybe with the same nice uncomplicated infobar like when entering passwords).
Status: UNCONFIRMED → RESOLVED
Closed: 16 years ago
Resolution: --- → DUPLICATE
In this archive you find a sample directory structure with the files "x.xml", "y.htm" and "style.xsl" in the main directory and another "x.xml" in the subdirectory "subdir". When opening "y.htm" and following the link to "subdir/x.xml" the stylesheet will be loaded. When opening "subdir/x.xml" directly, the stylesheet won't be loaded. When opening "x.xml" in the main directory directly the stylesheet will be loaded. This is very annoying: I buyed a DVD from the german gutenberg project recently, a project collecting german literature. On that dvd there is an xsl-stylesheet in the root directory and an "index.htm" file which opens a popup to the start-page. In the subdirectories there are XML-files, grouped into directories by author. When accessing the contents that way (via index.htm), everything is okay. When going to a subdirectory and opening some of the pages directly you'll only see ****. I can't imagine that this is the intended behaviour for firefox3! I can't see the security problem here. How could a malicious person obtain information from me be applying an XSL-Stylesheet from a parent-directory?
I can't see here any risk for security. But even if, I think that this restriction should be changeable in Security options.
You need to log in
before you can comment on or make changes to this bug.
Description
•