> about:socialerror?mode=tryAgain&url=data:text/html,<script>alert(1)</script>&directory=aa&origin=bb

This cannot be easily exploited, but it still worries me a bit :-) Can we change this to just allow HTTP/HTTPS URLs? Maybe this is a good first bug?
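The restriction asked for in the report, as an added example (not Firefox code and not part of the original bug): the `url` parameter is parsed and accepted only when its scheme is http or https. `safeRetryUrl` and `ALLOWED_PROTOCOLS` are hypothetical names, and every sample input except the reported URL is constructed.

```javascript
// Added example: scheme allowlist for the `url` parameter of an error page.
// safeRetryUrl() and ALLOWED_PROTOCOLS are hypothetical names, not Firefox code.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);

// Return the normalized target URL if it is an absolute http(s) URL, else null.
function safeRetryUrl(pageUrl) {
  const q = pageUrl.indexOf("?");
  if (q === -1) return null; // no query string, so no target to validate
  const raw = new URLSearchParams(pageUrl.slice(q + 1)).get("url");
  if (raw === null) return null;
  let parsed;
  try {
    // No base argument: relative and scheme-less values throw and are rejected.
    parsed = new URL(raw);
  } catch {
    return null;
  }
  // Compare the parsed protocol rather than a string prefix: the URL parser
  // has already lower-cased the scheme and stripped leading whitespace.
  return ALLOWED_PROTOCOLS.has(parsed.protocol) ? parsed.href : null;
}

// Sample inputs: the first is the URL from the report, the rest are constructed.
const samples = [
  "about:socialerror?mode=tryAgain&url=data:text/html,<script>alert(1)</script>&directory=aa&origin=bb",
  "about:socialerror?mode=tryAgain&url=https://example.com/share",
  "about:socialerror?mode=tryAgain&url=%20DaTa:text/html,x",
  "about:socialerror?mode=tryAgain&url=HTTP://Example.com",
  "about:socialerror?mode=tryAgain&url=//example.com/x",
];
for (const s of samples) console.log(safeRetryUrl(s), "<-", s);
```

A caller would treat `null` as "do not load anything" rather than falling back to the raw parameter value.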
The page has been removed in bug 1388902.
Status: NEW → RESOLVED
Last Resolved: 9 months ago
Resolution: --- → WORKSFORME