Closed Bug 143420 Opened 23 years ago Closed 23 years ago

View Image loads javascript: url as chrome

Categories

(Core :: Security: CAPS, defect)

x86
Windows 98
defect
Not set
normal

VERIFIED FIXED

People

(Reporter: jruderman, Assigned: dveditz)

Details

(Whiteboard: [ADT2 RTM])

Attachments

(3 files)

If the src of an img is a javascript: url, the View Image context menu item runs the javascript: url as chrome.
Attachment #83015 - Attachment description: testcase → testcase for View Image
While I rarely use View Image, I use Show Only This Frame reflexively on pages with large navigation frames. The frame with the javascript: URL can contain anything a normal frame can using the format javascript:"<html>...", so the page can look like a normal framed page.
Keywords: nsbeta1+
Whiteboard: [ADT2 RTM]
Reassigning to dveditz
Assignee: mstoltz → dveditz
The view image (and background image) bug turns out to be the utilityOverlay.js bug covered in bug 144704. This patch only fixes the show frame bug.
Comment on attachment 84419: use loadURI() for safety in nsContextMenu.js
sr=scc
Attachment #84419 - Flags: superreview+
Comment on attachment 84419: use loadURI() for safety in nsContextMenu.js
r=bryner
Attachment #84419 - Flags: review+
Comment on attachment 84419: use loadURI() for safety in nsContextMenu.js
a=brendan,chofmann,scc please check in to mozilla 1.0 branch by midnight tonight
Attachment #84419 - Flags: approval+
adding adt1.0.0+ for 1.0 branch checkin.
Keywords: adt1.0.0+
checked into trunk and branch
Status: NEW → RESOLVED
Closed: 23 years ago
Keywords: fixed1.0.0
Resolution: --- → FIXED
Group: security?
Verified on 2002-10-11-branch build on Win 2000. Both of the attached test cases give an exception.
Status: RESOLVED → VERIFIED
fixing verified keyword so queries of which bug was fixed when come out right: this was fixed for mozilla 1.0
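
Added example, not part of the bug thread and not the patch in attachment 84419 (which this page does not show): a scheme allowlist, a different and more general mitigation than the loadURI() change, applied to a content-supplied URL before privileged UI code such as a context-menu handler loads it. The names `resolveForPrivilegedLoad` and `ALLOWED_SCHEMES`, the allowed-scheme policy and the sample URLs are assumptions made for this illustration.

```javascript
// Added illustration: a scheme allowlist for URLs that privileged UI code
// (a context-menu handler, in this bug) receives from page content.
// resolveForPrivilegedLoad and ALLOWED_SCHEMES are hypothetical names.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]); // assumed policy

// Returns the absolute URL to load, or null when the load must be refused.
function resolveForPrivilegedLoad(rawSrc, documentUrl) {
  let url;
  try {
    // The WHATWG parser trims surrounding whitespace, strips embedded tabs
    // and newlines, and lower-cases the scheme, so the check below sees the
    // scheme a loader would act on, not the spelling used in the markup.
    url = new URL(rawSrc, documentUrl);
  } catch (e) {
    return null; // unparsable input is refused, not passed through
  }
  return ALLOWED_SCHEMES.has(url.protocol) ? url.href : null;
}

// Constructed sample inputs: values a page could place in an img or frame src.
const samples = [
  "logo.png",
  "//cdn.example.test/a.gif",
  'javascript:"<html>..."',
  "  JaVaScRiPt:void(0)",
  "java\tscript:void(0)",
  "data:text/html,<p>x</p>",
];

// Pair each input with the decision so a caller can log or test it.
function classify(inputs, documentUrl) {
  return inputs.map((src) => ({
    src,
    target: resolveForPrivilegedLoad(src, documentUrl),
  }));
}

const page = "https://site.example.test/dir/page.html"; // constructed
for (const { src, target } of classify(samples, page)) {
  console.log(JSON.stringify(src), "->", target === null ? "REFUSED" : target);
}
```

A prefix test on the raw string would miss the whitespace and mixed-case inputs; parsing first is what makes the allowlist reliable.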