Closed
Bug 251894
Opened 20 years ago
Closed 20 years ago
Saved HTML pages should include location meta-data per XP SP2
Categories
(Core Graveyard :: File Handling, enhancement)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 125729
People
(Reporter: nrlz, Unassigned)
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040616 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040616 Windows XP SP2 includes a security feature that forces a locally saved HTML page to be restricted to the untrusted Internet Zone if it includes a special comment. Ref: "Changes to Local Machine Zone for Windows XP Service Pack 2" (scroll down) http://msdn.microsoft.com/workshop/security/szone/overview/overview.asp The comment looks like this and is added after the DOCTYPE tag: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN"> <!-- saved from url=(0032)http://geocities.yahoo.com/home/ --> <HTML><HEAD>... I suggest having Firefox/Mozilla also add this tag to saved HTML pages to harness the improved security model on XP machines. The advantage is that local HTML pages can be downloaded and viewed from the local computer but is still restricted to the internet zone and therefore cannot request pages outside its domain (via frames, XMLHttpRequest, etc.) and cannot execute local applications (via redirection through "file://", Directory Traversal, etc.). Reproducible: Always Steps to Reproduce: Expected Results: <!-- saved from url=(0032)http://geocities.yahoo.com/home/ -->
Comment 1•20 years ago
|
||
what happens if no doctype tag is present? what's the meaning of the (0032)?
dup of bug 125729?
Comment 3•20 years ago
|
||
ah right *** This bug has been marked as a duplicate of 125729 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
This one isn't exactly a DUP as this enhancement serves the purpose of harnessing Windows XP SP2's security model, which the other thread doesn't consider. To harness XP SP2's security model, the URL MUST follow the comment style stipulated in the MSDN documentation. I think this thread should be merged with the other.
Comment 5•20 years ago
|
||
that's true, although this is a bit pointless because only msie supports that "security" feature.
Updated•8 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•