Closed Bug 1432469 Opened 8 years ago Closed 8 years ago

Cannot open data: URIs with target=_blank

Categories

(Core :: DOM: Security, defect)

Product:
Core
Component:
DOM: Security
Version:
60 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME
Tracking Flags:
Tracking Status
firefox60 --- affected

People

(Reporter: asoncutean, Unassigned)

Details

Attachments

(1 file)

attachment.html
647 bytes, text/html
Details
Attached file attachment.html
[Affected versions]: - 60.0a1 [Unaffected versions]: - 58.0 - build 6 - 58.0b16 [Affected platforms]: - Windows 10 x64 - Ubuntu 12.04 x32 - macOS 10.13 [Steps to reproduce]: 1. Open Firefox. 2. Open the html attachment file. 3. Click the link "click 1". [Expected result]: A popup window is opened, with the link “click 2” displayed inside it. [Actual result]: A popup window glitches for one second, then disappears. [Additional notes]: - Not sure this is the right component. [Regression range]: - While trying to find a regression range, I encountered two scenarios: 1. With the actual behavior, when the popup doesn’t opened at all: Last good revision: 08f1d46bc342090a4c00d4cec5df83a17515bf7f First bad revision: 70426aabd20a74c14747e046aac783e9628681c9 Pushlog: https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=08f1d46bc342090a4c00d4cec5df83a17515bf7f&tochange=70426aabd20a74c14747e046aac783e9628681c9 2. When a popup window opens, displaying about:blank content. Last good revision: 01992997c2bb93f53606b30c34aeb3383d488b7a First bad revision: 9072e9c0d0aa2bd790634bb0a5c49713b6e27c79 Pushlog: https://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=01992997c2bb93f53606b30c34aeb3383d488b7a&tochange=9072e9c0d0aa2bd790634bb0a5c49713b6e27c79
Hi Christoph, Can you please have a look into this? Thank you!
Flags: needinfo?(ckerschb)
Hey Anca, we started to block toplevel data: URI navigations for FF58, find more info about why here: https://blog.mozilla.org/security/2017/11/27/blocking-top-level-navigations-data-urls-firefox-58/ If you open the browser console you see the warning: > Navigation to toplevel data: URI not allowed (Blocked loading of: “data:text/html;charset=utf-8;base64,PGEgaHJlZj0iaH...”) Please note that we only block data: URIs; regular URIs should still work using "_blank", if that is not the case, please let me know.
Component: Tabbed Browser → DOM: Security
Flags: needinfo?(ckerschb)
Product: Firefox → Core
Summary: Cannot open links with target=_blank → Cannot open data: URIs with target=_blank
(In reply to Christoph Kerschbaumer [:ckerschb] from comment #2) > Please note that we only block data: URIs; regular URIs should still work > using "_blank", if that is not the case, please let me know. Thank you for your explanation and your quick reply. I don't see any other issue regarding the information provided above, regular URIs, using "_blank" seams to work fine.
Chrome is also blocking this, but they leave an about:blank popup open (no content). Slightly different behavior, but in either case you can no longer create top-level data: documents.
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: