View Image loads javascript: url as chrome

VERIFIED FIXED

Status

()

Core
Security: CAPS
VERIFIED FIXED
15 years ago
15 years ago

People

(Reporter: Jesse Ruderman, Assigned: dveditz)

Tracking

Trunk
x86
Windows 98
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [ADT2 RTM])

Attachments

(3 attachments)

(Reporter)

Description

15 years ago
If the src of an img is a javascript: url, the View Image context menu item runs
the javascript: url as chrome.
(Reporter)

Comment 1

15 years ago
Created attachment 83015 [details]
testcase for View Image
(Reporter)

Comment 2

15 years ago
Created attachment 83020 [details]
testcase for Show Only This Frame
(Reporter)

Updated

15 years ago
Attachment #83015 - Attachment description: testcase → testcase for View Image
(Reporter)

Comment 3

15 years ago
While I rarely use View Image, I use Show Only This Frame reflexively on pages
with large navigation frames.  The frame with the javascript: URL can contain
anything a normal frame can using the format javascript:"<html>...", so the page
can look like a normal framed page.
Keywords: nsbeta1+
Whiteboard: [ADT2 RTM]
Reassigning to dveditz
Assignee: mstoltz → dveditz
(Assignee)

Comment 5

15 years ago
Created attachment 84419 [details] [diff] [review]
use loadURI() for safety in nsContextMenu.js


The view image (and background image) bug turns out to be the utilityOverlay.js
bug covered in bug 144704. This patch only fixes the show frame bug.

Comment 6

15 years ago
Comment on attachment 84419 [details] [diff] [review]
use loadURI() for safety in nsContextMenu.js

sr=scc
Attachment #84419 - Flags: superreview+
Comment on attachment 84419 [details] [diff] [review]
use loadURI() for safety in nsContextMenu.js

r=bryner
Attachment #84419 - Flags: review+

Comment 8

15 years ago
Comment on attachment 84419 [details] [diff] [review]
use loadURI() for safety in nsContextMenu.js

a=brendan,chofmann,scc

please check in to mozilla 1.0 branch by midnight tonight
Attachment #84419 - Flags: approval+

Comment 9

15 years ago
adding adt1.0.0+ for 1.0 branch checkin.
Keywords: adt1.0.0+
(Assignee)

Comment 10

15 years ago
checked into trunk and branch
Status: NEW → RESOLVED
Last Resolved: 15 years ago
Keywords: fixed1.0.0
Resolution: --- → FIXED
Group: security?

Comment 11

15 years ago
Verified on 2002-10-11-branch build on Win 2000.

Both of the attached test cases gives an exxception.
Status: RESOLVED → VERIFIED
Keywords: fixed1.0.0 → verified1.0.2
(Assignee)

Comment 12

15 years ago
fixing verified keyword so queries of which bug was fixed when come out right:
this was fixed for mozilla 1.0
Keywords: verified1.0.2 → verified1.0.0
You need to log in before you can comment on or make changes to this bug.