Closed
Bug 199825
Opened 18 years ago
Closed 5 years ago
[RFE] Option to filter out insecure content
Categories
(Core Graveyard :: Security: UI, enhancement)
Tracking
(Not tracked)
People
(Reporter: aynilove, Unassigned)
References
Details
User-Agent: Mozilla/5.0 (Windows; U; Win95; en-US; rv:1.4a) Gecko/20030327 Phoenix/0.5 Build Identifier: Mozilla/5.0 (Windows; U; Win95; en-US; rv:1.4a) Gecko/20030327 Phoenix/0.5 I want a dialog that "this page contains secured and in-secured items..." warning, and I can choose "view only secured items", "view both secured and in-secured items", "cencel viewing this page". furthermore, a decision is saved, and next time the dialog opens, previous selection will be choosed as default, so I can press "space or enter" to make same decision. Reproducible: Always Steps to Reproduce: 1. 2. 3.
Comment 1•18 years ago
|
||
Changing summary and reassigning to PSM. This would be difficult, and I'm not sure there would be a high demand for this feature, though ths is a good starting point for discussion about improvements to the SSL warning dialogs.
Assignee: mstoltz → ssaux
Severity: normal → enhancement
Component: Security: General → Client Library
Product: Browser → PSM
QA Contact: carosendahl → bmartin
Summary: Secured and In-secured mixed page. → [RFE] Option to filter out insecure content
Version: Trunk → 2.4
Comment 2•18 years ago
|
||
*** Bug 199996 has been marked as a duplicate of this bug. ***
Comment 3•18 years ago
|
||
from bug 199996: Security idea: mozilla loads a SSL page, everything included in the page (iframe, img src, js, etc.) loaded from another HTTP site not using the same certificate is rejected. User would get a warning popup that site will use a special security mode allowing the page to only download content from the site he's loaded the main page from. Possibility to have a whitelist so that you could re-enable more sites to download content from, on a per-object basis Possible usage: implement a new HTTP header X-Lockdown ? (from kirun on #mz) Background idea: the browser is the client, webmail and many management apps are using it and manipulating uncontrolled user data, it's nearly impossible to secure a webmail client totally, malicious users always discover a new flaw (search XSS on Google for examples). This is pushing the concept of mixed mode content a bit further. It may require to implement something new in Mozilla (and in web apps of course). Similar to what mozilla.org did with Link Prefetching.
Reporter | ||
Comment 5•18 years ago
|
||
Secure warning dialog should showed up _before_ the requested page loads. Currently it showed up _after_ or _while_(text elements are loaded but not images, etc) loads page. Should file this as another bug(or enhancement)?
Updated•14 years ago
|
QA Contact: bmartin → ui
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 62178
Assignee | ||
Updated•4 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•