Doctor needs a preview button. It would be nice if it would wrap html pages in mozilla.org's template, but that's not necessary. It should add a reasonable <base href> to make it easy to check links. Since preview will echo scripts back to the user, security precautions are necessary. Otherwise, another site could submit a page to "preview" with a script that tries to read the user's stored CVS password. (Compare bug 38862 for Bugzilla). Possible security tricks: 1. Check the referer for a submit to preview.cgi and make sure it's doctor.cgi. This would lock out users who have disabled all referers (rather than only cross-site referers), would not work for Beonex users who chose to use fake referers (evil!), and I think it would break the HTTP spec. 2. Strip out script tags and event handlers. Not a good idea: this is hard to implement, even harder to get right with the huge number of event handlers, and not forward-compatible with new versions of IE with new event handlers. 3. Use a different hostname for preview. Require that preview be done with doctor-preview.mozilla.org rather than doctor.mozilla.org, and require that all other scripts be done with doctor.mozilla.org. Make Doctor verify that the main hostname (doctor.mozilla.org) and the preview hostname (doctor-preview.mozilla.org) are neither identical and that neither is a substring of the other. This would require additional work for anyone who wants to set up Doctor. I think #3 is best.
*** Bug 253352 has been marked as a duplicate of this bug. ***
Do we have security risks with wiki when visualizing a page? Else we could do something similar.
OS: Windows 2000 → All
Hardware: PC → All
Doctor has had "view edited" button for quite some time now.
(In reply to comment #3) > Doctor has had "view edited" button for quite some time now. Indeed.
Status: NEW → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.