When I make a link using file:///// to a file on our network: <A HREF="file://///server/directory/file.doc">MyFile</A> it behaves differently depending upon if I middle-click the link verses if I left-click or right-click and select "Open in new tab" or "Open in new window". The middle mouse button works correctly (opens the file in a new tab). All other methods of clicking the link do nothing (no error message, no action).
what the heck is file:///// (with 5 /) ? I only knew it with 2 or 3...
See http://bugzilla.mozilla.org/show_bug.cgi?id=107540 for info about the 5 slashes.
Right. This is all working as-designed. Remote content linking to local content opens up a number of security holes that are simply not tenable.
I just want to make sure everyone is on the same page. When you said "This is all working as-designed." Did you mean that you were already aware of the problem and that it had already been fixed, or that the bug as described in the text (middle mouse button rehaves differently than right-click->open in new tab) is by-design?
Ugh. Sorry... I misread things...
To security. We should be consistent in this behavior, I think...
I think what I said above still applies: "The real bug ... is that the link _can_ be opened with the middle click shortcut." That is, "consistent behavior" would be to disallow the middle click (and ctrl click), right? If this is not happening already, the middle-click shortcut is skipping CheckLoadURI, I guess. (?) mstoltz will probably know.
*** Bug 151491 has been marked as a duplicate of this bug. ***
This has been fixed; can't reproduce it now.
reopening as no specific patch fixed this bug.