This bug is reported as the issue in the module review and jrgm asked me to make a bug out of it. John will provide the test case.
Created attachment 106753 [details] test mailbox This is a test mailbox. Drop this into your <profile>/<salt>/Mail/Local Folders/ when the browser is not running and then start mail and open this folder. (Optionally, copy these documents up to an IMAP server and load from there). This mailbox has three messages in it: an HTML document, an XML document, and a XUL document, with appropriate 'Content-type:' headers. All three documents will fire an alert in the onload handler of the document when viewed in the browser.
p.s., I also tried this with attachments of XUL, HTML and XML, and the same situation applies there (i.e., HTML gets an viewer that can handle scripts, while XML and XUL do not).
As long as XML and XUL don't get rendered inline their scripts will certainly not be run, regardless of prefs. If I understood you correctly that is what happens. Before closing as invalid, send youself a mail where you have XML and XUL attachment and see what happens.
> Before closing as invalid, send youself a mail where you have XML > and XUL attachment and see what happens. Done. XML attachments are shown inline as plain text, and XUL attachments are not shown inline, only as an entry in the attachments pane. > As long as XML and XUL don't get rendered inline their scripts will > certainly not be run, regardless of prefs. If I understood you > correctly that is what happens. Yes, that is correct. The pref is moot since they are not rendered inline (by a content viewer that will try to execute script). But if that were to change in the future, I'm not entirely certain that the pref would be honored. It _looks_ like it would. I'm just flagging this as a way we might unintentionally introduce a problem in the future. CC: some mailnews folks, just to mention this. ----- [By the way, mailnews will not send an XML or XUL file when you do 'File->Send Page...'. It just drops it on the floor. At this time we don't care about this for XUL I suppose, but I suppose we might for XML. (I didn't check XHTML as text/xml, but I assume it wouldn't be sent either)].
Status: NEW → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → INVALID
Hmm, I guess we still have that bug where adding to CC: still excludes the newly added members from getting mail from a security bug. Maybe a second try will work. mscott, sspitzer: see http://bugzilla.mozilla.org/show_bug.cgi?id=180756#c5 just FYI (no action required).
Component: XP Toolkit/Widgets: XUL → XUL
QA Contact: shrir → xptoolkit.widgets
You need to log in before you can comment on or make changes to this bug.