Blocked downloads should not leave an empty (0K) file
Categories
(Firefox :: Downloads Panel, defect)
Tracking
()
People
(Reporter: jscher2000, Unassigned)
Details
Attachments
(2 files)
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Steps to reproduce:
Download using an HTTP link in an HTTPS page. For example, a PDF-format instruction manual from a product page on https://www.screwfix.com/ (with PDF handling set to "Always Ask") or a Word/PowerPoint doc from https://www.jeffersonscher.com/scu/2009/ (if you have PDFs set to "Open in Firefox").
Actual results:
The Downloads list displays the message "File not downloaded: Potential security risk" (based on Downloads.Error.BLOCK_VERDICT_INSECURE). In the relevant download folder, Firefox actually created a 0KB empty stub file with the name of the intended download. If the user clicks for more information, there is a working Remove file button, which contradicts the original message.
Expected results:
No file should be created (or any file created should be deleted immediately) for a blocked download.
Reported in SUMO reply: https://support.mozilla.org/en-US/questions/1373839#answer-1498395
Reporter | ||
Comment 1•2 years ago
|
||
"Open" actually requires a re-download, but hopefully this can work without the empty placeholder file. And then "Remove file" won't be needed.
Reporter | ||
Comment 2•2 years ago
|
||
I'm slotting this under Firefox / Downloads Panel for the moment, but it could be a Toolkit / Downloads API issue if we've always had empty files in the Temp folder but users never noticed before because... out of sight, out of mind.
Comment 3•2 years ago
|
||
(In reply to jscher2000 from comment #0)
Download using an HTTP link in an HTTPS page. For example, a PDF-format instruction manual from a product page on https://www.screwfix.com/
Aside: it is always fun for me to find random references to stuff I use in bug reports, so thank you for the smile. :-)
The Downloads list displays the message "File not downloaded: Potential security risk" (based on Downloads.Error.BLOCK_VERDICT_INSECURE). In the relevant download folder, Firefox actually created a 0KB empty stub file with the name of the intended download. If the user clicks for more information, there is a working Remove file button, which contradicts the original message.
Yeah, agreed that this is weird/wrong. It looks like we have a pre-existing report here: bug 1754920.
Description
•