Closed Bug 291618 Opened 19 years ago Closed 19 years ago

Can drop view-source:javascript links on another tab

Categories

(Firefox :: Tabbed Browser, defect)

x86
Windows XP
defect
Not set
major

RESOLVED DUPLICATE of bug 290982

People

(Reporter: pvnick, Assigned: dveditz)

Details

(Whiteboard: [sg:dupe 290982])

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3

If a link in the format view-source:javascript:eval("script") is dragged to
another tab, it will be executed in the context of the target site.

Reproducible: Always

Steps to Reproduce:
Paste the HTML below into a webpage and open it in Firefox. Next, open a site in
another tab, switch back to this tab, then drag the link to the new tab.

<a href="view-source:javascript:eval('alert(document.cookie)')">drag me to
another tab</a>

Actual Results:
The script is executed in the context of the new site.

Expected Results:
The security checker should have recognized the problem and executed "return false;"

See also bug 204779 -- if you go to a javascript: URI, then view source on it,
it shouldn't run the javascript again, it should just show the source of the
wyciwyg: URI. Once that is fixed, it seems that fixing view-source: to simply
never do anything for javascript:, or to just show the javascript code as the
source, would be fine. That would then presumably solve this bug.

Perhaps we should simply disable view-source:javascript: altogether for the time
being? In all but the very simplest (and rare) cases, it does the wrong thing....

Confirming, though we were already investigating this based on similar bug 290949.
Assignee: bugs → dveditz
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: cross site scripting if a user drags a link to another tab → Can drop view-source:javascript links on another tab
Whiteboard: [sg:fix]
Flags: blocking1.8b3+
Flags: blocking-aviary1.1+
Flags: blocking-aviary1.0.4+

*** This bug has been marked as a duplicate of 290982 ***
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
Whiteboard: [sg:fix] → [sg:dupe 290982]
Group: security
Flags: blocking-aviary1.0.5+
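
Added example (not part of the bug report and not Firefox code): one way a drop handler's security check could see through the view-source: wrapper discussed in this bug, by peeling wrapper schemes until the innermost scheme is known and returning false for javascript:. The function names, the scheme sets and the nesting limit are hypothetical, and rejecting scheme-less strings assumes dropped links arrive as absolute URIs.

```javascript
// Added illustration; names and limits below are hypothetical, not Firefox internals.
const WRAPPER_SCHEMES = new Set(["view-source"]); // schemes that wrap another URI
const SCRIPT_SCHEMES = new Set(["javascript"]);   // schemes that run script in the target
const MAX_DEPTH = 8;                              // assumed cap on wrapper nesting

// Trim leading/trailing whitespace and control characters, as URL parsers do.
function trimUri(uri) {
  return uri.replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "");
}

// Return the lower-cased scheme of an absolute URI, or null if there is none.
function schemeOf(uri) {
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(uri);
  return m ? m[1].toLowerCase() : null;
}

// Decide whether a dropped URI may be loaded into another tab.
// The check looks at every scheme in the chain, not only the outermost one,
// so view-source:javascript:... is judged by its inner javascript: part.
function classifyDroppedUri(uri) {
  let rest = trimUri(String(uri));
  const chain = [];
  for (let depth = 0; depth < MAX_DEPTH; depth++) {
    const scheme = schemeOf(rest);
    if (scheme === null) return { allowed: false, chain, reason: "no scheme" };
    chain.push(scheme);
    if (SCRIPT_SCHEMES.has(scheme)) return { allowed: false, chain, reason: "script scheme" };
    if (!WRAPPER_SCHEMES.has(scheme)) return { allowed: true, chain, reason: "ok" };
    rest = trimUri(rest.slice(scheme.length + 1)); // drop "scheme:" and look inside
  }
  return { allowed: false, chain, reason: "wrapper nesting too deep" };
}

// Constructed sample inputs; the first is the href from the report above.
const samples = [
  "view-source:javascript:eval('alert(document.cookie)')",
  "view-source:https://example.org/",
  "VIEW-SOURCE: view-source:JavaScript:void(0)",
  "https://example.org/",
];
for (const s of samples) {
  const r = classifyDroppedUri(s);
  console.log(`${r.allowed ? "allow" : "block"}  [${r.chain.join(" > ")}]  ${r.reason}`);
}
```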