Closed Bug 167272 Opened 23 years ago Closed 23 years ago

Links to blocked about: urls can be opened with middle-click if it opens in new tab

Categories

(SeaMonkey :: Tabbed Browser, defect)

Product:
SeaMonkey
Component:
Tabbed Browser
Platform:
x86
All
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WORKSFORME

People

(Reporter: tuukka.tolvanen, Assigned: jag+mozilla)

References

(
URL
)

Details

Attachments

(1 file, 1 obsolete file)

patch v1.1
2.08 KB, patch
Details | Diff | Splinter Review
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2a) Gecko/20020907 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2a) Gecko/20020907 Apparently (bug 157230 comment 6) many about: url links are blocked because of security reasons, as in Security Error: Content at http://mozilla.weebeastie.net/java.shtml may not load or link to about:plugins. If the pref to open (middle|ctrl)-clicked links in a new tab is on, the blocked links do work. Reproducible: Always Steps to Reproduce: 1. Check Edit > Preferences > Navigator > Tabbed Browsing > Open tabs... > Middle-click... 2. Load attachment 91183 [details] 3. Middle-click on the "Non-Working about:" links Actual Results: links load in new tab Expected Results: Security Error, links not loaded This looks like it's caused by somewhat the same reasons as bug 161976; openNewTabOrWindow uses addTab for a new tab, or openNewWindowWith for a new window, which behave differently in more ways than just the target. Selecting "Open link in new tab" from the context menu is blocked properly.
Looks like openNewTabOrWindow lines 186-191 in contentAreaClick.js duplicate openNewTabWith lines 102-109 in contentAreaUtils.js, except omitting the security check and adding handling of shift-click to reverse loadInBackground behaviour. http://lxr.mozilla.org/seamonkey/source/xpfe/communicator/resources/content/contentAreaClick.js#181 http://lxr.mozilla.org/seamonkey/source/xpfe/communicator/resources/content/contentAreaUtils.js#100
I can see this too (Windows XP trunk 2002080705) OS -> All
confirming on 1.1 Win32
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Linux → All
Attached patch patch (obsolete) — Splinter Review
proposed fix - have openNewTabOrWindow use openNewTabWith instead of getBrowser().addTab; add ability to flip loadInBackground pref to openNewTabWith. Tested, works ok with all combinations of: load links in the background on/off (middle|ctrl)-click new tabs instead of windows on/off link unblocked/blocked (about: vs. about:cache in the testcase) A related issue: the exception thrown from the security check is only caught in the left-click case, that's kinda ugly on js console imo
Attached patch patch v1.1Splinter Review
proposed fix, episode 1.1: cleanup Same as above, removing now unused variable theTab
Attachment #98280 - Attachment is obsolete: true
Keywords: patch, review
QA Contact: sairuh → pmac
Looks like bz fixed this in bug 175092; openNewTabOrWindow now uses only openNewTabWith / openNewWindowWith to open urls, and those do urlSecurityCheck; the STR result in the expected results (uncaught exception: Load of about:plugins denied). Marking wfm
Status: NEW → RESOLVED
Closed: 23 years ago
Depends on: 175092
Resolution: --- → WORKSFORME
Product: Core → SeaMonkey
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: