Created attachment 152856 [details] demo for firefox This demo works in Firefox and Mozilla, but it works better in Firefox.
Mike, this should block Mozilla 1.7.2.
-> Browser product so we can make it block more releases
+ing for dveditz to look at.
dan any updates on when a patche will be ready for this?
why not disallow dragging into location bar if the protocol or the begining of the URL is not "http" or "https" ? i don't see any functional advantage of dragging into location bar compared to clicking or middle clicking.
sorry, didn't see the demo. obviously the problem is not the location bar.
Created attachment 156550 [details] [diff] [review] Same thing for both Firefox and SeaMonkey
Comment on attachment 156550 [details] [diff] [review] Same thing for both Firefox and SeaMonkey sr=dveditz
13 years ago
Comment on attachment 156550 [details] [diff] [review] Same thing for both Firefox and SeaMonkey a=asa for branch landings.
looks like with the patch dragging "file" and "chrome" urls still may work which may lead to trouble. why not use a safe whitelist?
We decided against blocking chrome for now, we'll need to investigate the results of blocking that more before flipping the switch. Bug 250725 is for tracking that part, but that, in combination with this, is really bad, thus the fix for this to start with.
Fixed on trunk, aviary, and 1.7 branches.
Fixed on the 1.7.2 branch now too.
Verified with Firefox 0.10 and Mozilla 1.7.3 on windows XP
verified windows 1.7.5 12/15
13 years ago
What about images in data: URL's? It could be useful to allow these, as right now there's a little incoherence: you can drag file: or http: based images but not data: ones.