User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4b) Gecko/20030427
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4b) Gecko/20030427
When you turn on "Do not load remote images in Mail & Newsgroup messages" in the
Images section of Privacy & Security preferences, attached images no longer
Steps to Reproduce:
1. Turn on "Do not load remote images in Mail & Newsgroup messages" in preferences.
2. View a message with attached images.
Attached images did not display, although the separator HRs were displayed and
white space was left where the image should be.
Show the attached images.
I do not expect Mozilla to act against the preference I've set:
"Do not load remote images in Mail & Newsgroup messages"
In what cases should it respect this pref, and when not?
Maybe I was unclear. Up until recently (I don't recall noticing it with the
20030423 build) attached images displayed fine inline and the option applied to
truly remote images such as those dragged in from remote web servers in HTML
messages. In this build it seems to apply to all images, including attachments
and inline images within messages.
This is a very recent regression. This works fine in build 2003042504 and is
broken in build 2003042604 (tested on Windows XP).
I'm CCing some developers who committed Mail/News changes in this period of time.
Maybe this should block 1.4b since this is a very commonly used feature and the fix
should be easy to find because of the small amount of code in question.
if this is a recent regression, it might be from my checkin for
whoa, this pref also affects inserting messages into message compose!
whoa, this is so me from bug #51631
Created attachment 122078 [details] [diff] [review]
fix, I suck
has r/sr=bienvenu, and makes sense when you look at what I changed. (d'oh!)
What did you change in bug 51631? (I can not access it)
Because you changed from a list of protocols not to check to a short list of
protocols that need to be checked. I don't know if that is a good approach. New
protocols can show up, or old protocols may be used to show images.
Seth, can you please elaborate on your patch here?
As I understand it, you didn't check with module owner/peers (darin, myself, and
mvl) before checking this in, and it sounds like mvl has some reservations about it.
If there's security-sensitive stuff here, then we'd appreciate it if you could
try to catch one of us on irc so we can go over it.
reopening; hopefully this will generate bugmail to seth...
Seth: please see previous comment.
From looking at bonsai I learned that originally we only checked a few protocols
anyway. But I liked the other approach. Is there some protocol for inline images
in mail messages that can be checked?
From a security standpoint, this should absolutely be a whitelist of protocols
we can load images from. As the code stands, it misses gopher, for example.
And any time an extension that allows a new protocol is installed it will be
opening a mail security hole.
the old code did this:
if !http:// and !https://, return early. don't bother to check if we are
blocking "remote" images in a mail message. the reason (I mistakenly thought)
was to optimize and avoid having to do all this checking for chrome:// and
so I switched it, in my other patch, to just check for those, and if chrome or
resource, bail, otherwise proceed, to make this check:
if ((a mail message) && (ftp || mBlockRemote)) then block. (in a mail message,
I never allow <img src="ftp://">,)
but this broke inline (mailbox://, imap://, etc) images, as well as images in
html msg compose and editor.
so, I reverted to:
if !http && !https && !ftp
if ((a mail message) && (mBlock || ftp))
to respond to bz:
"As the code stands, it misses gopher, for example. And any time an extension
that allows a new protocol is installed it will be opening a mail security hole."
not a security issue, but a bug with "block remote images".
so the current code will allow <img src="gopher://"> images to be shown,
assuming gopher doesn't require a username/password. (bug #51631? will deny any
thing requiring a password prompt)
I guess alternatively, we could do this:
if (chrome, resource, file (for editor), mail related)
// everything else, black list
else (http, https, ftp, gopher, etc)
if ((a mail message) && (mBlock || ftp))
dwitte/bz/darin/et al, what do you think?
this regression (about blocking inline images, horking msg compose, etc), is fixed.
but I'll spin up a new one about the gopher issue, and the change to whitelist /
black list to improve blocking remote images.
the issue about catching more protocols is bug #203940
we can take the discussion there, too.
Great, thanks for clarifying Seth... and thanks for opening the new bug, btw. ;)
*** Bug 204125 has been marked as a duplicate of this bug. ***
nbaca points out:
"With the pref selected: I went to a website and drag-n-dropped a graphic file
into a compose window and the image does not appear. Sent the message to myself
and a test account. In both accounts I can view the image whether the pref is
selected or not. Why wouldn't I want to see the image when composing the message?"
she's right, that's a bug.
what I fixed, when I checked in that last patch, was a similar type of problem,
but when you'd try to insert local (file://) images
I had accidentally busted that.
but, I forgot about dnd from web pages
that's http (not ftp) and we should not be blocking that for compose, *ever*,
like you point out.
this pref is supposed to only affect message display
when loading a message, we check the pref
and if we aren't supposed to load remote images
(currently, if the image has the scheme of http:// or https://) we block it.
but again, that should only be in message display, not compose
note, even if we are allowing remote images.
we will never allow ftp:// images
the reason is a privacy issue
if I'm a spammer, I could do
and you could have set it so we send your email address
as your password, for anonymous ftp access!
(see Edit | Prefs | Advanced | Send this email address as anonymous ftp password)
I'll look into the dnd from http compose issue.
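The scheme check argued over in the comments above (the denylist form the code was reverted to, where only http/https/ftp are examined, versus the allowlist form bz and Seth proposed, where every scheme not known to be local counts as remote; plus the rules that ftp:// images are never loaded in message display because of the anonymous-ftp password pref, and that nothing is blocked in compose) written out side by side as an added example in C++. This is not Mozilla's code: the function names, the sample URLs and the set of "local" schemes are assumptions for illustration, and the allowlist only contains the schemes the thread itself names.

```cpp
#include <cctype>
#include <cstdio>
#include <set>
#include <string>

// Where the image is being rendered. Per the thread, the pref is meant to apply
// to message display only, never to the compose window or editor.
enum class Context { MessageDisplay, Compose };

struct LoadRequest {
    std::string url;       // absolute image URL, e.g. "gopher://host/pic.gif" (constructed)
    Context context;
    bool blockRemotePref;  // "Do not load remote images in Mail & Newsgroup messages"
};

// Extract and lowercase the URL scheme; "" if the URL has no scheme at all.
// Callers are expected to pass an already-resolved absolute URL.
std::string schemeOf(const std::string& url) {
    std::string::size_type colon = url.find(':');
    if (colon == std::string::npos) return "";
    std::string s = url.substr(0, colon);
    for (char& c : s) c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
    return s;
}

// Denylist form (the shape the thread says the code reverted to):
// only http, https and ftp are treated as remote; every other scheme,
// including gopher or one added by an extension, is never examined.
bool blockDenylist(const LoadRequest& r) {
    if (r.context != Context::MessageDisplay) return false;
    const std::string scheme = schemeOf(r.url);
    const bool remote = scheme == "http" || scheme == "https" || scheme == "ftp";
    if (!remote) return false;                    // gopher:// falls through and loads
    return scheme == "ftp" || r.blockRemotePref;  // ftp is refused even with the pref off
}

// Allowlist form (bz's suggestion): enumerate the schemes known to be local
// to the client and treat everything else as remote. The set is an assumption
// for illustration, limited to the schemes the thread names.
bool blockAllowlist(const LoadRequest& r) {
    if (r.context != Context::MessageDisplay) return false;
    static const std::set<std::string> kLocalSchemes = {
        "chrome", "resource", "file", "mailbox", "imap"};
    const std::string scheme = schemeOf(r.url);
    if (kLocalSchemes.count(scheme)) return false;  // inline/attached/local images always load
    return scheme == "ftp" || r.blockRemotePref;    // unknown schemes are remote by default
}

int main() {
    // Constructed sample requests; example.com is a placeholder host.
    const LoadRequest cases[] = {
        {"http://example.com/a.gif",     Context::MessageDisplay, true},
        {"gopher://example.com/b.gif",   Context::MessageDisplay, true},
        {"ftp://example.com/c.gif",      Context::MessageDisplay, false},
        {"imap://mail.example.com/x",    Context::MessageDisplay, true},
        {"x-newproto://example.com/d",   Context::MessageDisplay, true},
        {"http://example.com/e.gif",     Context::Compose,        true},
    };
    std::printf("%-32s %-9s %-9s\n", "url", "denylist", "allowlist");
    for (const LoadRequest& r : cases) {
        std::printf("%-32s %-9s %-9s\n", r.url.c_str(),
                    blockDenylist(r) ? "block" : "load",
                    blockAllowlist(r) ? "block" : "load");
    }
    return 0;
}
```

The two rows that differ are gopher:// and the made-up x-newproto://: the denylist lets both through with the pref on, which is exactly the hole bz describes, while the allowlist blocks them. Both versions agree that ftp:// is blocked regardless of the pref and that nothing is blocked in compose.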
Trunk build 2003-05-20: WinMe, Mac 10.1.5
Verified Fixed so local file images now appear.
Logged bug# 205009 to track the problem during a dnd of images from a web page
when composing a new message.
Oops, not bug# 205009, use bug# 206793 for the dnd of images from a web page
when composing a new message problem.