1257806 - AddSearchProvider() should accept data: URL for icons, or at least have a better error message

Status: RESOLVED WONTFIX

(Firefox :: Search, defect, P3)

Description

[alien426]

What did you do?
================
I made a script that installs search engines.

What happened?
==============
When run from a page with data URI scheme ("data:image/gif;base64,[...]") for the favicon (<link rel="shortcut icon" [...]>), that script failed to install any search engine.

The console read "Invalid argument passed to window.external.AddSearchProvider: Unsupported search icon URL: [xpconnect wrapped nsIURI]".

What should have happened?
==========================
MainProcessSingleton.js should NOT have checked for "if (iconURL && isWeb.indexOf(iconURL.scheme) < 0)".

Is there anything else we should know?
======================================
I do not know how that check would improve security.

If you don't want to remove it for some reason, please do at least make the error message more helpful, since one would (of course) assume that it is related to the AddSearchProvider() call or the search engine file at the given URI.

Comment 1

[Florian Quèze [:florian]]

Displaying "[xpconnect wrapped nsIURI]" instead of the actual URL in the error messages is a regression from bug 1068186.

The last time the icon URL check was actually touched is in bug 550290 (to remove the check for specific file extensions). This check has always been there (it's part of the patch from bug 337780). Support for FTP url was added after the fact in bug 342010.

I don't see why supporting data: urls would be a problem. I assume they were less common in 2006 when this check was implemented.

Comment 2

[Mark Banner (:standard8)]

Per the recent intent to unship, AddSearchProvider will be going away in bug 1632447/1632448, hence closing as wontfix.