Closed Bug 143420 Opened 23 years ago Closed 23 years ago

View Image loads javascript: url as chrome

Categories

(Core :: Security: CAPS, defect)

Product:
Core
Component:
Security: CAPS
Platform:
x86
Windows 98
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: jruderman, Assigned: dveditz)

Details

(Whiteboard: [ADT2 RTM])

Attachments

(3 files)

testcase for View Image
139 bytes, text/html
Details
testcase for Show Only This Frame
125 bytes, text/html
Details
use loadURI() for safety in nsContextMenu.js
728 bytes, patch
bryner
: review+
scc
: superreview+
endico
: approval+
Details | Diff | Splinter Review
If the src of an img is a javascript: url, the View Image context menu item runs the javascript: url as chrome.
Attachment #83015 - Attachment description: testcase → testcase for View Image
While I rarely use View Image, I use Show Only This Frame reflexively on pages with large navigation frames. The frame with the javascript: URL can contain anything a normal frame can using the format javascript:"<html>...", so the page can look like a normal framed page.
Keywords: nsbeta1+
Whiteboard: [ADT2 RTM]
Reassigning to dveditz
Assignee: mstoltz → dveditz
The view image (and background image) bug turns out to be the utilityOverlay.js bug covered in bug 144704. This patch only fixes the show frame bug.
Comment on attachment 84419 [details] [diff] [review] use loadURI() for safety in nsContextMenu.js sr=scc
Attachment #84419 - Flags: superreview+
Comment on attachment 84419 [details] [diff] [review] use loadURI() for safety in nsContextMenu.js r=bryner
Attachment #84419 - Flags: review+
Comment on attachment 84419 [details] [diff] [review] use loadURI() for safety in nsContextMenu.js a=brendan,chofmann,scc please check in to mozilla 1.0 branch by midnight tonight
Attachment #84419 - Flags: approval+
adding adt1.0.0+ for 1.0 branch checkin.
Keywords: adt1.0.0+
checked into trunk and branch
Status: NEW → RESOLVED
Closed: 23 years ago
Keywords: fixed1.0.0
Resolution: --- → FIXED
Group: security?
Verified on 2002-10-11-branch build on Win 2000. Both of the attached test cases gives an exxception.
Status: RESOLVED → VERIFIED
Keywords: fixed1.0.0verified1.0.2
fixing verified keyword so queries of which bug was fixed when come out right: this was fixed for mozilla 1.0
Keywords: verified1.0.2verified1.0.0
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: