1475201 - Consider removing ability to drag javascript: urls to the new window button

Status: NEW

(Firefox :: Toolbars and Customization, enhancement, P3)

Description

[Jonathan Kingston [:jkt] he/him]

When working on Bug 1466801, I noticed the test was breaking for dragging multiple urls to the new window button if one contained a javascript: url.

browser/base/content/test/general/browser_newWindowDrop.js

Even once I manually changed to permit inherit principal in newWindowButtonObserver and newTabButtonObserver it still didn't work for new windows but did for tabs.

The _handleURIToLoad code is called lazily for new windows, currently this permits the use of inherit principal, so I had to change that also. I would prefer to lock down this function also.

Changing _handleURIToLoad to handle another window argument seems like a lot more complexity just for this behaviour.

Can we consider removing it?

Comment 1

[Tooru Fujisawa [:arai]]

I have no objection :)

for drag-and-drop specifically, we can handle in ContentAreaDropListener:
  https://searchfox.org/mozilla-central/source/dom/base/contentAreaDropListener.js
maybe just filter javascript: URIs out from _addLinksFromItem, or reject it in _validateURI.

Comment 2

[Jonathan Kingston [:jkt] he/him]

Seems fine, just one test to fix: https://treeherder.mozilla.org/#/jobs?repo=try&revision=55e6d7556876518c965bcc432c7b88779ac48eda

Comment 3

[Mathew Hodson]

See also bug 1506100

Comment 4

[Dão Gottwald [:dao]]

I'm taking care of the new tab button in bug 1605050. Seems like the new window button should be an easy fix as well. jkt, do you want to get back to this?

Comment 5

[Jonathan Kingston [:jkt] he/him]

Unassigning from me as I'm unlikely to be fixing this. Sorry.