Closed
Bug 450764
Opened 16 years ago
Closed 15 years ago
Block xpi file links in comments
Categories
(addons.mozilla.org Graveyard :: Public Pages, enhancement)
Tracking
(Not tracked)
VERIFIED
INVALID
People
(Reporter: aryx, Unassigned)
Details
Please block xpi file links in comments, especially if the add-on is incompatible with the current version. Some (most?) users tend to install it without thinking about the vulnerabilities which could be in it. Often, these are simply version-bumped files or files with a few lines modified. A warning box above the comment (if it contains an xpi link) is also a possible solution.
Comment 1•16 years ago
I am not sure if this would be effective? What if people point to an xpi through tinyurl?
Comment 2•16 years ago
This has been discussed before and was the main reason we stalled on allowing developers to use HTML or autolink URLs 2 years ago. The only solution we came up with was pointing all external URLs through a redirector I think.
Comment 3•16 years ago
Yeah, the file could also be rewritten, so not sure how much a redirector would help unless it downloaded the link first or checked its mimetype before redirecting the user? The easiest thing to do would probably be to move public pages onto a new domain and whitelist that domain in the install API or something similar. Like addons.mozilla.com or something?
Comment 4•15 years ago
You can't add links to comments, ->invalid
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → INVALID
Reporter
Comment 5•15 years ago
Well, either the people have extensions like Linkification installed or will open the url manually.
Comment 6•15 years ago
(In reply to comment #5)
> Well, either the people have extensions like Linkification installed or will
> open the url manually.

It's true, people might do that, but the chances are pretty slim.
Status: RESOLVED → VERIFIED
Assignee
Updated•8 years ago
Product: addons.mozilla.org → addons.mozilla.org Graveyard