Open Bug 200408 Opened 22 years ago Updated 2 years ago

Image is not blocked though it should've been

Categories

(Core :: Graphics: Image Blocking, defect)

x86
Windows XP
defect

Tracking

()

People

(Reporter: oneway_111, Unassigned)

References

(Blocks 1 open bug)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.3) Gecko/20030312
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.3) Gecko/20030312

Saw this on http://finance.yahoo.com/?u

The site serves a huge and ugly image ad. The ad is coming from (AFAICT) http://click.atdmt.com/RSC/go/yhxxxint00600115rsc/direct/01/&time=1049331557168014.

I have Edit/Preferences/Privacy&Security/Images/Image Policy set to "Accept images that come from originating server only" but the image/ad is visible on the page. The only way it could get rid of the ad is to explicitly forbid images from spd.atdmt.com.

The following is the code that, I think, is bypassing the "Accept images that come from originating server only" policy:

[...]
<table width=100% cellspacing=0 border=0 cellpadding=2>
<tr><td align=center colspan=2><font face=arial size=-2>ADVERTISEMENT [ <a href="http://rd.yahoo.com/M=250544.3122418.4442938.2337050/D=fin/S=7037371:SREC/A=1514962/R=0/id=minimize/*http://finance.yahoo.com">Minimize</a> ]</font><br>
<iframe src="http://view.atdmt.com/RSC/iview/yhxxxint00600115rsc/direct/01/&time=1049332545143232?click=http://rd.yahoo.com/M=250544.3122418.4442938.2337050/D=fin/S=7037371:SREC/A=1514962/R=1/*" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" width="728" height="210">
<a href="http://rd.yahoo.com/M=250544.3122418.4442938.2337050/D=fin/S=7037371:SREC/A=1514962/R=2/*http://click.atdmt.com/RSC/go/yhxxxint00600115rsc/direct/01/&time=1049332545143232" target="_blank"><img border="0" src="http://view.atdmt.com/RSC/view/yhxxxint00600115rsc/direct/01/&time=1049332545143232"></a>
</iframe></td></tr>
<tr valign=top><td align=center>
<hr size=0 color=bfcede><map name=b>
[...]

Reproducible: Always

Steps to Reproduce:
1.
2.
3.

Expected Results:
The image should not have been shown.
->Image blocking
Assignee: asa → mstoltz
Component: Browser-General → Image Blocking
Odd... I'd have thought this worked in 1.3... In any case, this is certainly broken in current nightlies.

mvl, I need a hand here. The old nsImageDocument code would fully load the image (if it were linked from an iframe src) and then just not show it. With my changes, it is fully loaded and shown. Can we make content policy able to tell apart iframes and top-level windows, maybe? Then we could kill iframe image loads in OnStartRequest (when the server response just comes back) if the content policy says so, but still load normal full-page images....
Depends on: 200433
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
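
The distinction asked for in the comment above (an image loaded as an iframe's document versus an image opened as a top-level page), as an added illustration that is not part of the bug thread and is not Mozilla code. The function and field names, the exact-hostname comparison, the placeholder paths and the `image/gif` content type are assumptions made for the example:

```javascript
// Added illustration, not Mozilla code. All names here are hypothetical.
const ORIGINATING_ONLY = "originating-server-only";

// Assumption: "originating server" is modelled as an exact hostname match.
function sameServer(a, b) {
  return new URL(a).hostname === new URL(b).hostname;
}

// Decision taken once the response headers are in (the OnStartRequest point),
// because only then is it known that a frame's document is really an image.
//   load.kind        "img" (subresource) or "document" (window or frame load)
//   load.isTopLevel  true when a document load targets the top-level window
//   frameAware       whether the policy can tell subframes from top-level windows
function decideLoad(policy, load, frameAware) {
  if (policy !== ORIGINATING_ONLY) return "allow";
  if (!load.contentType.startsWith("image/")) return "allow";
  const firstParty = sameServer(load.url, load.topLevelUrl);
  if (load.kind === "img") return firstParty ? "allow" : "block";
  // Document load whose body is an image (an image document).
  if (load.isTopLevel) return "allow"; // user opened the image itself
  if (!frameAware) return "allow";     // subframe treated like a window: the bypass
  return firstParty ? "allow" : "block";
}

// Constructed sample loads: hosts taken from the report, paths are placeholders.
const page = "http://finance.yahoo.com/";
const loads = {
  adInIframe: { kind: "document", isTopLevel: false, topLevelUrl: page,
    url: "http://view.atdmt.com/PLACEHOLDER", contentType: "image/gif" },
  adAsImg: { kind: "img", isTopLevel: false, topLevelUrl: page,
    url: "http://view.atdmt.com/PLACEHOLDER", contentType: "image/gif" },
  fullPageImage: { kind: "document", isTopLevel: true,
    topLevelUrl: "http://view.atdmt.com/PLACEHOLDER",
    url: "http://view.atdmt.com/PLACEHOLDER", contentType: "image/gif" },
};

// Evaluate every sample load under the "originating server only" policy.
function report(frameAware) {
  const out = {};
  for (const [name, load] of Object.entries(loads)) {
    out[name] = decideLoad(ORIGINATING_ONLY, load, frameAware);
  }
  return out;
}

console.log("frame-unaware:", report(false));
console.log("frame-aware:  ", report(true));
```

With `frameAware` false the iframe-hosted ad is allowed while the same URL as a plain `<img>` is blocked; with it true both are blocked and the full-page image still loads.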
Just installed Mozilla 1.4. Here's some feedback on the image issue:

1. Mozilla 1.3 had a bug and some images were loaded when they should not have been.
2. Mozilla 1.4 is more strict and it (correctly) does not load some images that Mozilla 1.3 did. Ironically, I now see that I want some of the blocked images.
3. My Edit/Preferences/Privacy&Security/Images/Image Policy is set to "Accept images that come from originating server only".

I think it would be better if Mozilla's "Accept images that come from originating server only" policy (or whatever) could be overridden for certain sites, i.e. sites that are ALLOWED to load images (see Image Manager window).
QA Contact: asa
Similar cause as bug 215012?
Yeah.
Blocks: 215012
"Load Images for the originating website only": IMHO, if this defaults to "on", some pages will not display their content as expected. See www.viamichelin.com and plan a route. The route image is not displayed; whereas an RMB "block images" exists, the RMB for "load images" is missing.

IMHO novice users will not understand what's happening, and I see a lot of reports dealing with images which are not loaded. Hope that helps.
Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.3) Gecko/20040910

I saw this problem twice today at <http://news.yahoo.com/news?tmpl=index2&cid=580>, which is the Yahoo/Reuters business news. Although I specify "Accept images that come from the originating server only", I still got images from <m2.doubleclick.net>.

I selected the image and then "Block images from this server". I then selected the Reload button. The images reappeared but this time from <m3.doubleclick.net>. Again, I selected the image, "Block images from this server", and then the Reload button. Finally, I was able to suppress the images.
Assignee: security-bugs → nobody
Status: ASSIGNED → NEW
QA Contact: image-blocking
Severity: normal → S3