Closed
Bug 143420
Opened 22 years ago
Closed 22 years ago
View Image loads javascript: url as chrome
Categories
(Core :: Security: CAPS, defect)
Tracking
()
VERIFIED
FIXED
People
(Reporter: jruderman, Assigned: dveditz)
Details
(Whiteboard: [ADT2 RTM])
Attachments
(3 files)
139 bytes,
text/html
|
Details | |
125 bytes,
text/html
|
Details | |
728 bytes,
patch
|
bryner
:
review+
scc
:
superreview+
endico
:
approval+
|
Details | Diff | Splinter Review |
If the src of an img is a javascript: url, the View Image context menu item runs the javascript: url as chrome.
Reporter | ||
Comment 1•22 years ago
|
||
Reporter | ||
Comment 2•22 years ago
|
||
Reporter | ||
Updated•22 years ago
|
Attachment #83015 -
Attachment description: testcase → testcase for View Image
Reporter | ||
Comment 3•22 years ago
|
||
While I rarely use View Image, I use Show Only This Frame reflexively on pages with large navigation frames. The frame with the javascript: URL can contain anything a normal frame can using the format javascript:"<html>...", so the page can look like a normal framed page.
Assignee | ||
Comment 5•22 years ago
|
||
The view image (and background image) bug turns out to be the utilityOverlay.js bug covered in bug 144704. This patch only fixes the show frame bug.
Comment 6•22 years ago
|
||
Comment on attachment 84419 [details] [diff] [review] use loadURI() for safety in nsContextMenu.js sr=scc
Attachment #84419 -
Flags: superreview+
Comment 7•22 years ago
|
||
Comment on attachment 84419 [details] [diff] [review] use loadURI() for safety in nsContextMenu.js r=bryner
Attachment #84419 -
Flags: review+
Comment 8•22 years ago
|
||
Comment on attachment 84419 [details] [diff] [review] use loadURI() for safety in nsContextMenu.js a=brendan,chofmann,scc please check in to mozilla 1.0 branch by midnight tonight
Attachment #84419 -
Flags: approval+
Assignee | ||
Comment 10•22 years ago
|
||
checked into trunk and branch
Updated•21 years ago
|
Group: security?
Comment 11•21 years ago
|
||
Verified on 2002-10-11-branch build on Win 2000. Both of the attached test cases gives an exxception.
Status: RESOLVED → VERIFIED
Keywords: fixed1.0.0 → verified1.0.2
Assignee | ||
Comment 12•21 years ago
|
||
fixing verified keyword so queries of which bug was fixed when come out right: this was fixed for mozilla 1.0
Keywords: verified1.0.2 → verified1.0.0
You need to log in
before you can comment on or make changes to this bug.
Description
•