Closed
Bug 14981
Opened 25 years ago
Closed 24 years ago
[Feature] Javascript can execute in any file regardless of extension
Categories
(Core :: Networking, defect, P3)
Tracking
()
M15
People
(Reporter: morse, Assigned: norrisboyd)
Details
Create a file with the following content <SCRIPT>alert('Oops')</SCRIPT> and name it abc.xyz. Open that file in the 5.0 browser and the javascript will execute. This should not happen -- only files with certain extensions such as .html should be capable of executing javascript. This bug can be used as the basis of a security attack (see bug 9419)
Reporter | ||
Updated•25 years ago
|
Assignee: morse → norris
Reporter | ||
Comment 3•25 years ago
|
||
Assigning to Norris so that he can find the real owner of this bug.
Assignee | ||
Updated•25 years ago
|
Status: NEW → ASSIGNED
Target Milestone: M14
Bulk move of all Necko (to be deleted component) bugs to new Networking component.
Assignee | ||
Updated•25 years ago
|
Summary: Javascript can execute in any file regardless of extension → [Feature] Javascript can execute in any file regardless of extension
Reporter | ||
Comment 5•25 years ago
|
||
Norris, why did you add "[FEATURE]" to the summary line. I wasn't asking for a feature here, rather I was asking to close what could be a security hole. In 4.x you couldn't execute javascript in any file but rather only in ones with certain extensions. That's why I reported this as a bug, not a feature request.
Assignee | ||
Updated•25 years ago
|
Target Milestone: M14 → M15
Reporter | ||
Updated•25 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → WORKSFORME
Reporter | ||
Comment 6•25 years ago
|
||
Hey, guess what! This bug is no more. I just tested it out and now it works fine. Here I've had bug 9419 blocked by this and didn't realize that it was working fine. Closing it out as works-for-me.
Comment 7•25 years ago
|
||
This is working for me too. I created a .txt file with the alert and it was not executed. [bugday]marking verified. worksforme on winNT build 2000022908.
Status: RESOLVED → VERIFIED
Reporter | ||
Comment 8•24 years ago
|
||
Turns out this bug wasn't fixed after all. See bug 55731. Reopening and duping.
Status: VERIFIED → REOPENED
Resolution: WORKSFORME → ---
Reporter | ||
Comment 9•24 years ago
|
||
*** This bug has been marked as a duplicate of 55731 ***
Status: REOPENED → RESOLVED
Closed: 25 years ago → 24 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•