Closed Bug 11462 Opened 25 years ago Closed 25 years ago

Need checks for setting URLs

Categories

(Core :: DOM: Core & HTML, defect, P3)

Product:
Core
Component:
DOM: Core & HTML
Platform:
All
Windows NT
Type:
defect

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: norrisboyd, Assigned: norrisboyd)

References

Details

Attachments

(1 file)

GitHub Pull Request
63 bytes, text/x-github-pull-request
Details | Review 
Need an equivalent of lm_CheckURL from the 4.x codebase to check that URLs set
from mobile code can't access secure resources (filesystem, chrome, etc.).
Blocks: 7252
Status: NEW → ASSIGNED
Blocks: 7254
No longer blocks: 7252
Target Milestone: M11
Blocks: 12633
Blocks: 10194
Is it sufficient to add checks before all calls to LoadURL from the DOM?
Whiteboard: Linux debugging help needed
I've added nsScriptSecurityManager::CheckURI and calls to it from the DOM. These
calls are checked in, but the code in CheckURI is disabled because it caused
regressions. The regressions are bringing up the "Manage Bookmarks" item and the
Preferences box. These work on my Windows build but apparently not on Linux.
Blocks: 9806
Blocks: 9810
No longer blocks: 9810
Whiteboard: Linux debugging help needed → Help wanted: Linux debugging help needed
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Whiteboard: Help wanted: Linux debugging help needed
Enabled checks today.
Norris, please verify this one or please provide testcase to verify.
Status: RESOLVED → VERIFIED
Attached file GitHub Pull Request
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: