Closed
Bug 11462
Opened 25 years ago
Closed 25 years ago
Need checks for setting URLs
Categories
(Core :: DOM: Core & HTML, defect, P3)
Tracking
()
VERIFIED
FIXED
M11
People
(Reporter: norrisboyd, Assigned: norrisboyd)
References
Details
Attachments
(1 file)
Need an equivalent of lm_CheckURL from the 4.x codebase to check that URLs set from mobile code can't access secure resources (filesystem, chrome, etc.).
Assignee | ||
Updated•25 years ago
|
Assignee | ||
Updated•25 years ago
|
Target Milestone: M11
Assignee | ||
Comment 1•25 years ago
|
||
Is it sufficient to add checks before all calls to LoadURL from the DOM?
Assignee | ||
Updated•25 years ago
|
Whiteboard: Linux debugging help needed
Assignee | ||
Comment 2•25 years ago
|
||
I've added nsScriptSecurityManager::CheckURI and calls to it from the DOM. These calls are checked in, but the code in CheckURI is disabled because it caused regressions. The regressions are bringing up the "Manage Bookmarks" item and the Preferences box. These work on my Windows build but apparently not on Linux.
Assignee | ||
Updated•25 years ago
|
Whiteboard: Linux debugging help needed → Help wanted: Linux debugging help needed
Assignee | ||
Updated•25 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Whiteboard: Help wanted: Linux debugging help needed
Assignee | ||
Comment 3•25 years ago
|
||
Enabled checks today.
Comment 4•25 years ago
|
||
Norris, please verify this one or please provide testcase to verify.
Updated•25 years ago
|
Status: RESOLVED → VERIFIED
Comment 5•2 years ago
|
||
You need to log in
before you can comment on or make changes to this bug.
Description
•