Closed
Bug 209029
Opened 22 years ago
Closed 22 years ago
Boomarklet opening Bugzilla erroneously sends a referer
Categories
(SeaMonkey :: Bookmarks & History, defect)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 122668
People
(Reporter: glazou, Assigned: p_ch)
Details
1. start Mozilla 2. add the following bookmarklet to your personal bookmark toolbar name of bookmark: bugzilla url: javascript:aa=prompt(%22File Name?%22,%22%22);window.location=%22http://bugzilla.mozilla.org/show_bug.cgi?id=%22+aa;void(0) 3. open URL http://www.slashdot.org/ 4. click on bookmarklet in personal bookmark toolbar and enter a bug number for instance 137092 Expected result : bugzilla bug 137092 displayed Actual result: message "Sorry, links to Bugzilla from Slashdot are disabled." Since the bugzilla bug is not downloaded by a click in the slashot page, the slashot referer should probably not be included in the request...
Comment 1•22 years ago
|
||
Bookmarklets just execute in the JS context of the page. There is no way to tell a bookmarklet apart from typing the javascript: url in the URL bar, and no way to tell either apart from the page itself executing some JS. The JS context thing is necessary for the bookmarklet to have access to the page DOM (if it's not in the JS context of the page, and not running as chrome, the security system blocks it). Running bookmarklets as chrome has been discussed, but it would open such huge gaping security holes (via trivial social engineering) that it was decided against.
Dupe of bug 122668?
Comment 3•22 years ago
|
||
Yup. *** This bug has been marked as a duplicate of 122668 ***
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
Updated•20 years ago
|
Product: Browser → Seamonkey
You need to log in
before you can comment on or make changes to this bug.
Description
•