Open
Bug 1864466
Opened 11 months ago
Updated 1 month ago
Improve nested URI handling in AboutHttpsOnlyErrorParent.jsm
Categories
(Core :: DOM: Security, task, P3)
Core
DOM: Security
Tracking
()
NEW
People
(Reporter: maltejur, Unassigned)
References
Details
(Whiteboard: [domsecurity-backlog])
Follow-up from Bug 1855734
:dveditz mentioned
openWebsiteInsecure() in AboutHttpsOnlyErrorParent.jsm (the file patched by bug 1647829) isn't quite right, either. It's good it's using
innerURI
instead of syntactically rewriting the URL, but it shouldn't special-case "view-source". Instead check if it's a nsINestedURI, and if it is grab.innermostURI
, not just.innerURI
. Wasn't going to mention this, but seeing that browser-siteIdentity.js does have to deal withjar:
URIs then maybe we do have to make this code right.
Updated•11 months ago
|
Severity: -- → N/A
Priority: -- → P3
Whiteboard: [domsecurity-active]
Reporter | ||
Updated•1 month ago
|
Assignee: maltejur → nobody
Status: ASSIGNED → NEW
Whiteboard: [domsecurity-active] → [domsecurity-backlog]
You need to log in
before you can comment on or make changes to this bug.
Description
•