Open Bug 1864466 Opened 11 months ago Updated 1 month ago

Improve nested URI handling in AboutHttpsOnlyErrorParent.jsm

Tracking

()

Status:

NEW

People

(Reporter: maltejur, Unassigned)

References

Details

(Whiteboard: [domsecurity-backlog])

Malte Jürgens [:maltejur]

Reporter

Description

•

11 months ago

Follow-up from Bug 1855734

:dveditz mentioned

openWebsiteInsecure() in AboutHttpsOnlyErrorParent.jsm (the file patched by bug 1647829) isn't quite right, either. It's good it's using innerURI instead of syntactically rewriting the URL, but it shouldn't special-case "view-source". Instead check if it's a nsINestedURI, and if it is grab .innermostURI, not just .innerURI. Wasn't going to mention this, but seeing that browser-siteIdentity.js does have to deal with jar: URIs then maybe we do have to make this code right.

Daniel Veditz [:dveditz]

Updated

•

11 months ago

Severity: -- → N/A

Priority: -- → P3

Whiteboard: [domsecurity-active]

Malte Jürgens [:maltejur]

Reporter

Updated

•

1 month ago

Assignee: maltejur → nobody

Status: ASSIGNED → NEW

Whiteboard: [domsecurity-active] → [domsecurity-backlog]

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Improve nested URI handling in AboutHttpsOnlyErrorParent.jsm

Categories

(Core :: DOM: Security, task, P3)

Tracking

()

People

(Reporter: maltejur, Unassigned)

References

Details

(Whiteboard: [domsecurity-backlog])

Crash Data

Security

(public)

User Story

Description

Updated

Updated