Closed
Bug 1609158
Opened 4 years ago
Closed 4 years ago
Ensure that `window.open('file://...')` does not work from a remote page
Categories
(GeckoView :: General, defect, P1)
Tracking
(firefox74 fixed)
RESOLVED
FIXED
mozilla74
Tracking | Status | |
---|---|---|
firefox74 | --- | fixed |
People
(Reporter: snorp, Assigned: snorp)
Details
(Whiteboard: [geckoview:m74])
Attachments
(1 file)
There is a lot of machinery involved here, so we need to make sure things are correct.
Comment 1•4 years ago
|
||
In a similar fashion we should also ensure that e.g. target=”_blank” for a file:// does not work either.
Comment 2•4 years ago
|
||
Let's mark the priority to get this done pre fenix GA.
Assignee | ||
Comment 3•4 years ago
|
||
This is covered in other test suites, but it may be possible for
GeckoView to get this wrong, so add an explicit test.
Updated•4 years ago
|
Assignee: nobody → snorp
Status: NEW → ASSIGNED
Assignee | ||
Updated•4 years ago
|
Group: mobile-core-security, mozilla-employee-confidential
Not accessible to reporter
Updated•4 years ago
|
Priority: -- → P1
Whiteboard: [geckoview:m74]
Pushed by jwillcox@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/b548bcce41dc Add a simple test for `window.open('file://...')` with GeckoView r=geckoview-reviewers,agi
Comment 5•4 years ago
|
||
bugherder |
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
status-firefox74:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla74
You need to log in
before you can comment on or make changes to this bug.
Description
•