XUL elements have lots of attributes that probably need but don't have CheckLoadURI() calls, like databaseURI, datasourceURI etc.

RESOLVED WORKSFORME

16 years ago
7 years ago

People

(Reporter: bsharma, Unassigned)

Tracking

Trunk
mozilla1.4final
x86
Windows 2000

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [adt2][sg:investigation])

(Reporter)

Description

16 years ago
This bug is reported as the issue in the module review and jrgm asked me to make
a bug out of it.
Whiteboard: [sg:investigation]
Search, and limit loading to same host.
Keywords: nsbeta1
Target Milestone: --- → mozilla1.4beta

Comment 2

16 years ago
Nav triage team: nsbeta1+/adt2
Keywords: nsbeta1 → nsbeta1+
Whiteboard: [sg:investigation] → [adt2][sg:investigation]
Chris will try to get this for 1.4final, reassigning.
Assignee: jaggernaut → caillon
Target Milestone: mozilla1.4beta → mozilla1.4final
<xul:image src="file://foo"/> from remote XUL seems to work. (Same if you use a
chrome: URI.)
xul:image we are not very concerned about at this point, unless it can cause bad
side effects. The reason is that HTML img and input src have no checks either and
these are public bugs. A thing to fix, but no need to be security sensitive.

So any side effects, like if you use a data or JS URL or the file is not an image
(like if it is a plugin or JS or something)? Anything else?
Assignee: caillon → hyatt

Updated

10 years ago
Component: XP Toolkit/Widgets: XUL → XUL
QA Contact: shrir → xptoolkit.widgets

Updated

9 years ago
Assignee: hyatt → nobody
Content XUL is gone.
Group: core-security
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → WORKSFORME