Closed
Bug 180757
Opened 22 years ago
Closed 12 years ago
XUL elements have lots of attributes that probably need but doen't have CheckLoadURI() calls, like databaseURI, datasourceURI etc.
Categories
(Core :: XUL, defect)
Tracking
()
RESOLVED
WORKSFORME
mozilla1.4final
People
(Reporter: bsharma, Unassigned)
Details
(Whiteboard: [adt2][sg:investigation])
This bug is reported as the issue in the module review and jrgm asked me to make a bug out of it.
Updated•22 years ago
|
Whiteboard: [sg:investigation]
Search, and limit loading to same host.
Keywords: nsbeta1
Target Milestone: --- → mozilla1.4beta
Comment 2•21 years ago
|
||
Nav triage team: nsbeta1+/adt2
Chris will try to get this for 1.4final, reassigning.
Assignee: jaggernaut → caillon
Target Milestone: mozilla1.4beta → mozilla1.4final
Comment 4•21 years ago
|
||
<xul:image src="file://foo"/> from remote xul seems to work. (same if you use a chrome: uri)
xul:image we are not very concerned about at this point, unless it can cause bad side effects. The reason is that HTML img and input src has no checks either and these are public bugs. A thing to fix, but no need to be security sensitive. So any side effects, like if you use data or JS url or the file is not image (like if it is plugin or JS or something)? Anything else?
Updated•20 years ago
|
Assignee: caillon → hyatt
Component: XP Toolkit/Widgets: XUL → XUL
QA Contact: shrir → xptoolkit.widgets
Updated•15 years ago
|
Assignee: hyatt → nobody
Comment 6•12 years ago
|
||
Content XUL is gone.
Group: core-security
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•