Closed Bug 1597647 Opened 6 years ago Closed 6 years ago

Downloading website source lets you bypass set content restrictions

Categories

(Firefox for iOS :: General, defect)

Product:
Firefox for iOS
Component:
General
Platform:
Other
iOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INACTIVE

People

(Reporter: 8n1p238ao, Unassigned)

Details

User Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1

Steps to reproduce:

  1. Go to your iPhone’s Settings > Screen Time > Content & Privacy Restrictions > Content Restrictions > Limit Adult Websites. Add “github.com” to the blacklist (for easier and SFW testing)
  2. Open the Firefox browser and google out “GitHub”
  3. Try tapping the link to GitHub’s main page. If you did the first step correctly, it should show you a message about the website being blocked
  4. Go back to the Google search results
  5. Tap and hold the link you previously tried opening and pick “Download Link” option from the context menu
  6. Tap “Download Now”. Once the download finishes tap “Downloads” button which should appear in the bottom right corner
  7. Tap the “github.com.html” file to open it.

Actual results:

Doing the above lets you see the contents of a blocked website.

Expected results:

When the user taps “Dowload Now”, the website source code should be downloaded and saved only if loading that website complies with existing Content Restriction policy.

Thanks for reporting. We will track and triage this issue here: https://github.com/mozilla-mobile/firefox-ios/issues/5784

Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → INACTIVE
You need to log in before you can comment on or make changes to this bug.