Closed Bug 14981 Opened 21 years ago Closed 19 years ago

[Feature] Javascript can execute in any file regardless of extension

Categories

(Core :: Networking, defect, P3)

x86
Windows NT
defect

Tracking

()

VERIFIED DUPLICATE of bug 55731

People

(Reporter: morse, Assigned: norrisboyd)

Details

Create a file with the following content

   <SCRIPT>alert('Oops')</SCRIPT>

and name it abc.xyz.  Open that file in the 5.0 browser and the javascript will
execute.  This should not happen -- only files with certain extensions such as
.html should be capable of executing javascript.

This bug can be used as the basis of a security attack (see bug 9419)
Blocks: 9419
Assignee: gagan → morse
steve why do you think this is Necko?
BTW extensions should not control javascript execution.
Assignee: morse → norris
Assigning to Norris so that he can find the real owner of this bug.
Status: NEW → ASSIGNED
Target Milestone: M14
Bulk move of all Necko (to be deleted component) bugs to new Networking

component.
Summary: Javascript can execute in any file regardless of extension → [Feature] Javascript can execute in any file regardless of extension
Norris, why did you add "[FEATURE]" to the summary line.  I wasn't asking for a
feature here, rather I was asking to close what could be a security hole.  In
4.x you couldn't execute javascript in any file but rather only in ones with
certain extensions.  That's why I reported this as a bug, not a feature request.
Target Milestone: M14 → M15
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → WORKSFORME
Hey, guess what!  This bug is no more.  I just tested it out and now it works
fine.  Here I've had bug 9419 blocked by this and didn't realize that it was
working fine.

Closing it out as works-for-me.
Keywords: verifyme
This is working for me too. I created a .txt file with the alert and it was not
executed. [bugday]marking verified. worksforme on winNT build 2000022908.
Status: RESOLVED → VERIFIED
No longer blocks: 9419
Turns out this bug wasn't fixed after all.  See bug 55731.  Reopening and 
duping.
Status: VERIFIED → REOPENED
Resolution: WORKSFORME → ---

*** This bug has been marked as a duplicate of 55731 ***
Status: REOPENED → RESOLVED
Closed: 20 years ago19 years ago
Resolution: --- → DUPLICATE
Verified dupe.
Status: RESOLVED → VERIFIED
Keywords: verifyme
You need to log in before you can comment on or make changes to this bug.