Open Bug 1741290 Opened 4 years ago Updated 3 years ago

Filter protocols in GeckoSession.load

Categories

(GeckoView :: General, enhancement, P2)

Unspecified
All
enhancement

Tracking

(Not tracked)

People

(Reporter: agi, Unassigned)

Details

(Whiteboard: [geckoview:m98] [geckoview:2022h2?])

GeckoSession.load(...) by default will not filter the protocol of the URI and will send that straight to Gecko.

This can cause unintended consequences for embedders for protocols that are internal to Gecko or uncommon like resource:, chrome:, javascript: etc.

It would be nice if we offered a way to deny loading these protocols by default to avoid future security bugs.

This could be potentially related to Bug 1685152.

See Also: → 1685152
Priority: -- → P2
Whiteboard: [geckoview:m97?]
Whiteboard: [geckoview:m97?] → [geckoview:m98]
Severity: -- → N/A
Whiteboard: [geckoview:m98] → [geckoview:m98] [geckoview:2022h2?]
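
Until GeckoView offers such a filter, an embedder can apply its own scheme allowlist before handing a URI to GeckoSession.load. The sketch below is an added example, not code from GeckoView or from this bug; the class name `SchemeFilter`, its methods, and the choice of `http`/`https` as the only allowed schemes are assumptions.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

/** Hypothetical embedder-side helper; not part of the GeckoView API. */
public final class SchemeFilter {
    // Assumption: this embedder only ever needs to load ordinary web content.
    private static final Set<String> ALLOWED =
            new HashSet<>(Arrays.asList("http", "https"));

    private SchemeFilter() {}

    /** Returns the lower-cased scheme, or null when the input has no valid scheme. */
    static String schemeOf(String input) {
        if (input == null) return null;
        // URL parsers drop tab/CR/LF anywhere in the input and strip leading
        // control characters and spaces, so normalize the same way first.
        String s = input.replaceAll("[\\t\\n\\r]", "");
        int start = 0;
        while (start < s.length() && s.charAt(start) <= ' ') start++;
        int colon = s.indexOf(':', start);
        if (colon <= start) return null;
        String scheme = s.substring(start, colon);
        // RFC 3986: scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )
        if (!scheme.matches("[A-Za-z][A-Za-z0-9+.-]*")) return null;
        return scheme.toLowerCase(Locale.ROOT);
    }

    /** Fails closed: anything without an allowlisted scheme is rejected. */
    public static boolean isLoadAllowed(String input) {
        String scheme = schemeOf(input);
        return scheme != null && ALLOWED.contains(scheme);
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        String[] samples = {
            "https://example.com/", "HTTP://example.com/", "resource://example/",
            "chrome://example/", "javascript:void(0)",
            " JavaScript:void(0)", "java\tscript:void(0)", "example.com"
        };
        for (String u : samples) {
            System.out.println((isLoadAllowed(u) ? "allow " : "deny  ") + u.trim());
        }
    }
}
```

Only the first two samples are allowed; the scheme-less `example.com` is denied too, so an embedder that accepts typed input needs to add a scheme before this check rather than after it.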