Closed Bug 203629 Opened 21 years ago Closed 21 years ago

Attached images don't display inline if "Do not load remote images..." is turned on

Categories

(MailNews Core :: Attachments, defect)

Product:
MailNews Core
Component:
Attachments
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
VERIFIED FIXED
Milestone:
mozilla1.4beta

People

(Reporter: paul.hardacre+bugzilla, Assigned: sspitzer)

References

Details

(Keywords: regression, Whiteboard: [for QA, images put into msg compose don't show up, either. (that is fixed, too)])

Attachments

(1 file)

fix, I suck
1.91 KB, patch
Details | Diff | Splinter Review 
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4b) Gecko/20030427
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4b) Gecko/20030427

When you turn on "Do not load remote images in Mail & Newsgroup messages" in the
Iamges section of Privacy & Security preferences, attached images no longer
display inline.

Reproducible: Always

Steps to Reproduce:
1. Turn on "Do not load remote images in Mail & Newsgroup messages" in preferences.
2. View a message with attached images.

Actual Results:  
Attached images did not display although the separator HRs where displayed and
white space was left where the image should be.

Expected Results:  
Show the attached images.
I do not expect Mozilla to act against the preference I´ve set:
"Do not load remote images in Mail & Newsgroup messages"

In what cases should it respect this pref, and when not?
Maybe I was unclear. Up until recently (I don't recall noticing it with the
20030423 build) attached images displayed fine inline and the option applied to
truly remote images such as those dragged in from remote web servers in HTML
messages. In this build it seems to apply to all images, including attachments
and inline images within messages.
This is a very recent regression. This works fine in build 2003042504 and is
broken in build 2003042604 (tested on Windows XP).

I´m CCing some developers who commited Mail/News changes in this period of time.

Maybe this should block 1.4b since this a very commonly used feature and the fix
should be easy to find because of the small amount of code in question.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: blocking1.4b?
Keywords: regression
taking.

if this is a recent regression, it might be from my checkin for
http://bugzilla.mozilla.org/show_bug.cgi?id=51631

I'll investigate.
Assignee: mscott → sspitzer
Target Milestone: --- → mozilla1.4beta
whoa, this pref also affects inserting messages into message compose!
Status: NEW → ASSIGNED
whoa, this is so me from bug #51631

on it.
fixed.

has r/sr=bienvenu, and makes sense, we you look at what I changed.  (d'oh!)
Status: ASSIGNED → RESOLVED
Closed: 21 years ago
Flags: blocking1.4b? → blocking1.4b+
Resolution: --- → FIXED
What did you change in bug 51631? (I can not access it)
Because you changed from a list of protocols not to chech to a short list of
protocols that need to be checked. I don't know if that is a good approach. New
protocols can show up, or old protocols used to show images.
Seth, can you please elaborate on your patch here?

As I understand it, you didn't check with module owner/peers (darin, myself, and
mvl) before checking this in, and it sounds like mvl has some reservations about it.

If there's security-sensitive stuff here, then we'd appreciate it if you could
try to catch one of us on irc so we can go over it.
reopening; hopefully this will generate bugmail to seth...

Seth: please see previous comment.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
From looking at bonsai I learned that originally we only checked a few protocols
anyway. But I liked the other approach. Is there some protocol for inline images
in mail messages that can be checked?
From a security standpoint, this should absolutely be a whitelist of protocols
we can load images from.  As the code stands, it misses gopher, for example. 
And any time an extension that allows a new protocol is installed it will be
opening a mail security hole.
the old code did this:

if !http:// and !https://, return early.  don't bother to check if we are
blocking "remote" images in a mail message.  the reason (I mistakenly thought)
was to optimize and avoid having to do all this checking for chrome:// and
resource://.

so I switched it, in my other patch, to just check for those, and if chrome or
resource, bail, otherwise proceed, to make this check:

if ((a mail message) && (ftp || mBlockRemote)) then block.  (in a mail message,
I never allow <img src="ftp://">,)

but this broke inline (mailbox://, imap://, etc) images, as well as images in
html msg compose and editor.

so, I reverted to:

if !http && !https && !ftp
  return early.
else
  if ((a mail message) && (mBlock || ftp))
    block

to respond to bz:

"As the code stands, it misses gopher, for example.  And any time an extension
that allows a new protocol is installed it will be opening a mail security hole."

not a security issue, but a bug with "block remote images".

so the current code will allow <img src="gopher://"> images to be shown,
assuming gopher doesn't require a username/password.  (bug #51631? will deny any
thing requiring a password prompt)

I guess alternatively, we could do this:

// whitelist
if (chrome, resource, file (for editor), mail related)
  return early;

// everything else, black list
else (http, https, ftp, gopher, etc)
  if ((a mail message) && (mBlock || ftp))
    block

dwitte/bz/darin/et al, what do you think?

this regression (about blocking inline images, horking msg compose, etc), is fixed.

but I'll spin up a new one about the gopher issue, and the change to whitelist /
black list to improve blocking remote images.
Status: REOPENED → RESOLVED
Closed: 21 years ago21 years ago
Depends on: 51631
Resolution: --- → FIXED
the issue about catching more protocols is bug #203940

we can take the discussion there, too.
Blocks: 203940
QA Contact: stephend → nbaca
Whiteboard: [for QA, images put into msg compose don't show up, either. (that is fixed, too)]
Great, thanks for clarifying Seth... and thanks for opening the new bug, btw. ;)
*** Bug 204125 has been marked as a duplicate of this bug. ***
nbaca points out:
"With the pref selected:  I went to a website and drag-n-dropped a graphic file
into a compose window and the image does not appear. Sent the message to myself
and a test account. In both accounts I can view the image whether the pref is
selected or not. Why wouldn't I want to see the image when composing the message?"

she's right, that's a bug.  

what I fixed, when I check in that last patch, was a similar type of problem,
but when you'd try to insert local (file://) images

I had accidentally busted that.


but, I forgot about dnd from web pages
that's http (not ftp) and we should not be blocking that for compose, *ever*,
like you point out.

this pref is supposed to only affect message display
when loading a message, we check the pref
and if we aren't supposed to load remote images
(currently, if the image has the scheme of http:// or https://) we block it.

but again, that should only be in message display, not compose


note, even if we are allowing remote images.
we will never allow ftp:// images


the reason is a privacy issue
if I'm a spammer, I could do
<img src="ftp://abc/foo.gif">
and you could have set it so we send your email address
as your password, for anonyous ftp access!
(see Edit | Prefs | Advanced | Send this email address as anonyous ftp password)

I'll look into the dnd from http compose issue.
Trunk build 2003-05-20: WinMe, Mac 10.1.5
Verified Fixed so local file images now appear.

Logged bug# 205009 to track the problem during a dnd of images from a web page
when composing a new message.
Status: RESOLVED → VERIFIED
Oops, not bug# 205009, use bug# 206793 for the dnd of images from a web page
when composing a new message problem.
Product: MailNews → Core
Product: Core → MailNews Core
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: