Need checks for setting URLs

VERIFIED FIXED in M11

Status

()

defect
P3
normal
VERIFIED FIXED
20 years ago
2 years ago

People

(Reporter: norrisboyd, Assigned: norrisboyd)

Tracking

Trunk
All
Windows NT
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

Assignee

Description

20 years ago
Need an equivalent of lm_CheckURL from the 4.x codebase to check that URLs set
from mobile code can't access secure resources (filesystem, chrome, etc.).
Assignee

Updated

20 years ago
Blocks: 7252
Status: NEW → ASSIGNED
Assignee

Updated

20 years ago
Blocks: 7254
No longer blocks: 7252
Assignee

Updated

20 years ago
Target Milestone: M11
Assignee

Updated

20 years ago
Blocks: 12633
Assignee

Updated

20 years ago
Blocks: 10194
Assignee

Comment 1

20 years ago
Is it sufficient to add checks before all calls to LoadURL from the DOM?
Assignee

Updated

20 years ago
Whiteboard: Linux debugging help needed
Assignee

Comment 2

20 years ago
I've added nsScriptSecurityManager::CheckURI and calls to it from the DOM. These
calls are checked in, but the code in CheckURI is disabled because it caused
regressions. The regressions are bringing up the "Manage Bookmarks" item and the
Preferences box. These work on my Windows build but apparently not on Linux.
Assignee

Updated

20 years ago
Blocks: 9806
Assignee

Updated

20 years ago
Blocks: 9810
Assignee

Updated

20 years ago
No longer blocks: 9810
Assignee

Updated

20 years ago
Whiteboard: Linux debugging help needed → Help wanted: Linux debugging help needed
Assignee

Updated

20 years ago
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Whiteboard: Help wanted: Linux debugging help needed
Assignee

Comment 3

20 years ago
Enabled checks today.

Comment 4

20 years ago
Norris, please verify this one or please provide testcase to verify.

Updated

20 years ago
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.