[RFE] Option to filter out insecure content

RESOLVED DUPLICATE of bug 62178

Status

Core Graveyard
Security: UI
--
enhancement
RESOLVED DUPLICATE of bug 62178
16 years ago
2 years ago

People

(Reporter: aynilove [So, Jae-yoon], Unassigned)

Tracking

1.0 Branch

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

16 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Win95; en-US; rv:1.4a) Gecko/20030327 Phoenix/0.5
Build Identifier: Mozilla/5.0 (Windows; U; Win95; en-US; rv:1.4a) Gecko/20030327 Phoenix/0.5

I want a dialog that "this page contains secured and in-secured items..." 
warning, and I can choose "view only secured items", "view both secured and
in-secured items", "cencel viewing this page".

furthermore, a decision is saved, and next time the dialog opens,
previous selection will be choosed as default, so I can press "space or enter"
to make same decision.

Reproducible: Always

Steps to Reproduce:
1.
2.
3.
Changing summary and reassigning to PSM.

This would be difficult, and I'm not sure there would be a high demand for this
feature, though ths is a good starting point for discussion about improvements
to the SSL warning dialogs.
Assignee: mstoltz → ssaux
Severity: normal → enhancement
Component: Security: General → Client Library
Product: Browser → PSM
QA Contact: carosendahl → bmartin
Summary: Secured and In-secured mixed page. → [RFE] Option to filter out insecure content
Version: Trunk → 2.4
*** Bug 199996 has been marked as a duplicate of this bug. ***

Comment 3

16 years ago
from bug 199996:

Security idea: mozilla loads a SSL page, everything included in the page
(iframe, img src, js, etc.) loaded from another HTTP site not using the same
certificate is rejected.

User would get a warning popup that site will use a special security mode
allowing the page to only download content from the site he's loaded the main
page from.

Possibility to have a whitelist so that you could re-enable more sites to
download content from, on a per-object basis

Possible usage: implement a new HTTP header X-Lockdown ? (from kirun on #mz)

Background idea: the browser is the client, webmail and many management apps are
using it and manipulating uncontrolled user data, it's nearly impossible to
secure a webmail client totally, malicious users always discover a new flaw
(search XSS on Google for examples).
This is pushing the concept of mixed mode content a bit further.

It may require to implement something new in Mozilla (and in web
apps of course). Similar to what mozilla.org did with Link Prefetching.

Comment 4

16 years ago
Enhancement.
Status: UNCONFIRMED → NEW
Ever confirmed: true
(Reporter)

Comment 5

15 years ago
Secure warning dialog should showed up _before_ the requested page loads.
Currently it showed up _after_ or _while_(text elements are loaded but not
images, etc) loads page.

Should file this as another bug(or enhancement)?

Comment 6

15 years ago
Mass reassign ssaux bugs to nobody
Assignee: ssaux → nobody

Updated

14 years ago
Component: Security: UI → Security: UI
Product: PSM → Core
QA Contact: bmartin → ui

Updated

10 years ago
Version: psm2.4 → 1.0 Branch
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 62178
(Assignee)

Updated

2 years ago
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.