AddSearchProvider() should accept data: URL for icons, or at least have a better error message

UNCONFIRMED
Unassigned

Status

()

defect
P3
normal
UNCONFIRMED
3 years ago
3 years ago

People

(Reporter: alien426, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [fxsearch])

Reporter

Description

3 years ago
What did you do?
================
I made a script that installs search engines.

What happened?
==============
When run from a page with data URI scheme ("data:image/gif;base64,[...]") for the favicon (<link rel="shortcut icon" [...]>), that script failed to install any search engine.

The console read "Invalid argument passed to window.external.AddSearchProvider: Unsupported search icon URL: [xpconnect wrapped nsIURI]".

What should have happened?
==========================
MainProcessSingleton.js should NOT have checked for "if (iconURL && isWeb.indexOf(iconURL.scheme) < 0)".

Is there anything else we should know?
======================================
I do not know how that check would improve security.

If you don't want to remove it for some reason, please do at least make the error message more helpful, since one would (of course) assume that it is related to the AddSearchProvider() call or the search engine file at the given URI.
Component: Search → Untriaged
Product: Mozilla Developer Network → Firefox
Component: Untriaged → Search
Displaying "[xpconnect wrapped nsIURI]" instead of the actual URL in the error messages is a regression from bug 1068186.

The last time the icon URL check was actually touched is in bug 550290 (to remove the check for specific file extensions). This check has always been there (it's part of the patch from bug 337780). Support for FTP url was added after the fact in bug 342010.

I don't see why supporting data: urls would be a problem. I assume they were less common in 2006 when this check was implemented.
Priority: -- → P3
Summary: Firefox: Remove check for whether current page's favicon has URI in AddSearchProvider() → AddSearchProvider() should accept data: URL for icons, or at least have a better error message
Whiteboard: [specification][type:bug] → [fxsearch]
You need to log in before you can comment on or make changes to this bug.