Closed
Bug 138308
Opened 23 years ago
Closed 22 years ago
Pref to block images from third party servers doesn't block IFRAMES from thrid party servers
Categories
(Core :: Graphics: Image Blocking, defect, P2)
Tracking
()
Future
People
(Reporter: saveliev, Assigned: security-bugs)
References
()
Details
Here's the javascript used:
http://ar.atwola.com/file/adsWrapper.js
The htmlAdWH function.
Looks like iframe image blocking issue.
Comment 1•23 years ago
|
||
those images are in different servers, you are probably blocking images from
'www.cnn.com', while the images are located in 'i.cnn.net',
'toolbar.netscape.com' and 'ar.atwola.com'
Comment 2•23 years ago
|
||
I cannot reproduce this bug in Moz1-RC1 for Linux. Reporter
(asavelev@eni-net.com), please can you check to see whether this bug is still
present in a recent build (Moz1-RC1 or a new nightly build). If this bug does
not occur please can you resolve it worksforme.
Please note that when you click in a image and block it, you're blocking the
server that sent the image, and when you use tools->image manager you're
blocking images from the server that sent the page.
Reporter | ||
Comment 3•23 years ago
|
||
Hm... sorry for formulating subject wrong.
I am talking about "Accept images that come from originating server only" setting.
I don't block images manualy.
I just tested in RC1, same thing.
Comment 4•23 years ago
|
||
I am not sure if this is a bug, the page displayed in the IFRAME is served by
ar.atwola.com, the same server that sends the images...
Reporter | ||
Comment 5•23 years ago
|
||
Yes, but iframe is displayed in www.cnn.com page.
I haven't found any bugs in Image Management component that have word iframe in
them.
Does it belong to some other component?
Comment 6•23 years ago
|
||
hard to say, because the exact issue isn't clear, but this looks like a dupe of
bug 48660
Comment 7•23 years ago
|
||
this is not a dup of bug 48660 That is about issues with the image blocking code
and seperate servers.
This bug is simply about the fact that these pages are loading files in an
IFrame. This means that the Pref to block images from third party servers
doesn't matter because the IFrame's HTML is also coming from the third party server.
This is similar, but not quite a dup, of bug 64066.
Changing summary to reflect true meaning of this bug.
This would effectively be implemented as a security pref to "block IFRAMEs from
third party servers"
It wouldn't surprise me if the backend for this feature already existed with the
security code we have now, and we just need a front end to implement it. IE has
a similar feature to avoid navigating subframes across domains, but that has a
slightly different usage.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: Image blocker doesn't work on www.cnn.com and sites using atwola.com → Pref to block images from third party servers doesn't block IFRAMES from thrid party servers
Updated•22 years ago
|
Status: NEW → ASSIGNED
Priority: -- → P2
Target Milestone: --- → mozilla1.1beta
Updated•22 years ago
|
Target Milestone: mozilla1.1beta → mozilla1.2beta
Assignee | ||
Comment 8•22 years ago
|
||
Mass reassigning of Image manager bugs to mstoltz@netscape.com, and futuring.
Most of these bugs are enhancement requests or are otherwise low priority at
this time.
Assignee: morse → mstoltz
Status: ASSIGNED → NEW
Target Milestone: mozilla1.2beta → Future
Comment 9•22 years ago
|
||
This looks a lot like bug 64066. When the image manager blocks iframes, it will
also be possible to block third party iframes.
*** This bug has been marked as a duplicate of 64066 ***
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•