Need an equivalent of lm_CheckURL from the 4.x codebase to check that URLs set from mobile code can't access secure resources (filesystem, chrome, etc.).
Is it sufficient to add checks before all calls to LoadURL from the DOM?
I've added nsScriptSecurityManager::CheckURI and calls to it from the DOM. These calls are checked in, but the code in CheckURI is disabled because it caused regressions. The regressions are bringing up the "Manage Bookmarks" item and the Preferences box. These work on my Windows build but apparently not on Linux.
Whiteboard: Linux debugging help needed → Help wanted: Linux debugging help needed
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Whiteboard: Help wanted: Linux debugging help needed
Enabled checks today.
Norris, please verify this one or please provide testcase to verify.
You need to log in before you can comment on or make changes to this bug.