Open
Bug 199225
Opened 21 years ago
Updated 2 years ago
Come up with a better way to disable JS and data urls in history
Categories
(Firefox :: Bookmarks & History, defect, P5)
Tracking
()
NEW
People
(Reporter: nisheeth_mozilla, Unassigned)
Details
With the fix for bug 161546, when a user tries to load JS and data urls in the history sidebar or window, an alert dialog pops up saying that such urls cannot be loaded. We want to come up with a better way to do this that avoids alerts. Some suggestions are to: 1) Gray out js and data urls. 2) Don't display js and data urls in the history sidebar or window at all. Comments are welcome!
Comment 1•21 years ago
|
||
we should NOT just grey them out, think what a terrible user experience that would be - you see the URL in the history window, but you can't actually click on it. Why not? Who knows, ts just greyed out! There's no feedback to the user. My suggestion is that instead of fixing this bug that we come up with a way to actually run the urls in their own context, much like we do with bookmarks and the url bar.. they aren't security risks, right? so why are we treating history as some special thing? my suggestion is to WONTFIX this.
Comment 2•21 years ago
|
||
Not sure bug 161546 should remain fixed... now that only typed javascript: urls show up in history there really doesn't seem to be a security problem with people hacking themselves if it ran in the context of the current page, and in fact it could be useful. Oh well, autocomplete works, and they can always be bookmarked and still work. I wouldn't want them to be totally gone, though. I agree w/alecf that disabled without an explanation sucks, but if they're present in the list at least the user can right-click to get the context menu and then save complex urls as bookmarks, or copy them. Really, I'm OK with the security dialog -- clicking on these things would be pretty rare.
Comment 3•21 years ago
|
||
nisheeth, can you set the target milestone on this one? thx
Reporter | ||
Comment 4•21 years ago
|
||
Setting target milestone to 1.5 alpha...
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla1.5alpha
Reporter | ||
Updated•21 years ago
|
Target Milestone: mozilla1.5alpha → mozilla1.5beta
Comment 5•19 years ago
|
||
This bug doesn't need to be hidden anymore because the security hole it refers to was fixed a long time ago.
Assignee: nisheeth_mozilla → nobody
Group: security
Status: ASSIGNED → NEW
QA Contact: chrispetersen → history.global
Updated•7 years ago
|
Component: History: Global → Bookmarks & History
Product: Core → Firefox
Target Milestone: mozilla1.5beta → ---
Updated•6 years ago
|
Priority: -- → P5
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•