Closed Bug 199825 Opened 18 years ago Closed 5 years ago

[RFE] Option to filter out insecure content


(Core Graveyard :: Security: UI, enhancement)

1.0 Branch
Not set


(Not tracked)



(Reporter: aynilove, Unassigned)



User-Agent:       Mozilla/5.0 (Windows; U; Win95; en-US; rv:1.4a) Gecko/20030327 Phoenix/0.5
Build Identifier: Mozilla/5.0 (Windows; U; Win95; en-US; rv:1.4a) Gecko/20030327 Phoenix/0.5

I want a dialog that "this page contains secured and in-secured items..." 
warning, and I can choose "view only secured items", "view both secured and
in-secured items", "cencel viewing this page".

furthermore, a decision is saved, and next time the dialog opens,
previous selection will be choosed as default, so I can press "space or enter"
to make same decision.

Reproducible: Always

Steps to Reproduce:
Changing summary and reassigning to PSM.

This would be difficult, and I'm not sure there would be a high demand for this
feature, though ths is a good starting point for discussion about improvements
to the SSL warning dialogs.
Assignee: mstoltz → ssaux
Severity: normal → enhancement
Component: Security: General → Client Library
Product: Browser → PSM
QA Contact: carosendahl → bmartin
Summary: Secured and In-secured mixed page. → [RFE] Option to filter out insecure content
Version: Trunk → 2.4
*** Bug 199996 has been marked as a duplicate of this bug. ***
from bug 199996:

Security idea: mozilla loads a SSL page, everything included in the page
(iframe, img src, js, etc.) loaded from another HTTP site not using the same
certificate is rejected.

User would get a warning popup that site will use a special security mode
allowing the page to only download content from the site he's loaded the main
page from.

Possibility to have a whitelist so that you could re-enable more sites to
download content from, on a per-object basis

Possible usage: implement a new HTTP header X-Lockdown ? (from kirun on #mz)

Background idea: the browser is the client, webmail and many management apps are
using it and manipulating uncontrolled user data, it's nearly impossible to
secure a webmail client totally, malicious users always discover a new flaw
(search XSS on Google for examples).
This is pushing the concept of mixed mode content a bit further.

It may require to implement something new in Mozilla (and in web
apps of course). Similar to what did with Link Prefetching.
Ever confirmed: true
Secure warning dialog should showed up _before_ the requested page loads.
Currently it showed up _after_ or _while_(text elements are loaded but not
images, etc) loads page.

Should file this as another bug(or enhancement)?
Mass reassign ssaux bugs to nobody
Assignee: ssaux → nobody
Product: PSM → Core
QA Contact: bmartin → ui
Version: psm2.4 → 1.0 Branch
Closed: 5 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 62178
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.