Closed Bug 1609158 Opened 2 years ago Closed 2 years ago

Ensure that `window.open('file://...')` does not work from a remote page

Categories

(GeckoView :: General, defect, P1)

Unspecified
All
defect

Tracking

(firefox74 fixed)

RESOLVED FIXED
mozilla74
Tracking Status
firefox74 --- fixed

People

(Reporter: snorp, Assigned: snorp)

Details

(Whiteboard: [geckoview:m74])

Attachments

(1 file)

There is a lot of machinery involved here, so we need to make sure things are correct.

In a similar fashion we should also ensure that e.g. target=”_blank” for a file:// does not work either.

Let's mark the priority to get this done pre fenix GA.

This is covered in other test suites, but it may be possible for
GeckoView to get this wrong, so add an explicit test.

Assignee: nobody → snorp
Status: NEW → ASSIGNED
Group: mobile-core-security, mozilla-employee-confidential
Not accessible to reporter
Priority: -- → P1
Whiteboard: [geckoview:m74]
Pushed by jwillcox@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/b548bcce41dc
Add a simple test for `window.open('file://...')` with GeckoView r=geckoview-reviewers,agi
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla74
You need to log in before you can comment on or make changes to this bug.