Closed Bug 102987 Opened 23 years ago Closed 16 years ago

Use more secure way of getting current document URL in links toolbar

Categories

(SeaMonkey :: UI Design, defect)

Product:
SeaMonkey
Component:
UI Design
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: gerv, Unassigned)

References

Details

Back in bug 87428, jst said:

------- Additional Comments From jst@netscape.com 2001-10-01 08:13 -------
One can also use

  var ifrq = window.QueryInterface(Components.interfaces.nsIInterfaceRequestor);
  var uri = ifrq.getInterface(Components.interfaces.nsIWebNavication).currentURI;

to get at the current URI if you have full XPConnect priveleges. This is not
100% bullet proof either, but it's less likely to be wrong than using location.href

And someone else said we should use this method instead of the current one.

Gerv
From what I understand, there was an issue with that method leaking memory that
was never solved. It is instead recommended to use _content.location until there
is a resolution.

That bug was bug 61886.

adding as depends
Depends on: 61886
"It is instead recommended to use _content.location until there
is a resolution."

I would prefer:  getBrowser().webNavigation.currentURI.spec

_content.location itself looks like a security hazard too :)

/HJ
QA Contact: sairuh → claudius
Blocks: 103053
I'll leave mstoltz to make the final call. He intends to play with the Links
toolbar from a security point of view.

Gerv
mstoltz: what did you decide about this?

Gerv
mstoltz: ping?

Gerv
Assignee: gerv → nobody
Product: Core → Mozilla Application Suite
The links toolbar is dead :-(

Gerv
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.