Open Bug 920102 Opened 11 years ago Updated 2 years ago

Redirect on drop to out of scope URL

Categories

(Core :: DOM: Events, defect, P5)

Product:
Core
Component:
DOM: Events
Version:
26 Branch
Platform:
x86_64
Linux
Type:
defect

Tracking

()

People

(Reporter: robin, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:26.0) Gecko/20100101 Firefox/26.0 (Beta/Release)
Build ID: 20130821082411

Steps to reproduce:

Drag & Drop:

http://www.robin-gloster.de/drop-redirect.html


Actual results:

redirected to url in local scope


Expected results:

nothing special
Do you see any difference if you use 'text/plain' instead of 'Text' in the setData call?
Status: UNCONFIRMED → NEW
Ever confirmed: true
No doesn't make any difference. The only way I have found to prevent redirects is 

I think there are multiple parts to this bug.

1. Why does firefox redirect on drop event in the first place as default? I can't see any use case where I would want that behaviour.

2. If (1) is intended I don't see why it would redirect to the *id* of the dropped element/

3. This is no ordinary redirect via location.href
   - location.href doesn't allow url change to file:/// (possibly security implications when finding a way to execute code on file via XSS or some other bug etc.) 
   - id="file:///etc/passwd" doesn't redirect id="/etc/passwd"
   - it uses some part of the URL autocorrection feature (id="task2" -> task2.com)
https://bugzilla.mozilla.org/show_bug.cgi?id=1472046

Move all DOM bugs that haven’t been updated in more than 3 years and has no one currently assigned to P5.

If you have questions, please contact :mdaly.
Priority: -- → P5
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.