Closed Bug 251894 Opened 21 years ago Closed 21 years ago

Saved HTML pages should include location meta-data per XP SP2

Categories

(Core Graveyard :: File Handling, enhancement)

Product:
Core Graveyard
Component:
File Handling
Platform:
x86
Windows XP
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 125729

People

(Reporter: nrlz, Unassigned)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040616 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040616 Windows XP SP2 includes a security feature that forces a locally saved HTML page to be restricted to the untrusted Internet Zone if it includes a special comment. Ref: "Changes to Local Machine Zone for Windows XP Service Pack 2" (scroll down) http://msdn.microsoft.com/workshop/security/szone/overview/overview.asp The comment looks like this and is added after the DOCTYPE tag: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN"> <!-- saved from url=(0032)http://geocities.yahoo.com/home/ --> <HTML><HEAD>... I suggest having Firefox/Mozilla also add this tag to saved HTML pages to harness the improved security model on XP machines. The advantage is that local HTML pages can be downloaded and viewed from the local computer but is still restricted to the internet zone and therefore cannot request pages outside its domain (via frames, XMLHttpRequest, etc.) and cannot execute local applications (via redirection through "file://", Directory Traversal, etc.). Reproducible: Always Steps to Reproduce: Expected Results: <!-- saved from url=(0032)http://geocities.yahoo.com/home/ -->
what happens if no doctype tag is present? what's the meaning of the (0032)?
dup of bug 125729?
ah right *** This bug has been marked as a duplicate of 125729 ***
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → DUPLICATE
This one isn't exactly a DUP as this enhancement serves the purpose of harnessing Windows XP SP2's security model, which the other thread doesn't consider. To harness XP SP2's security model, the URL MUST follow the comment style stipulated in the MSDN documentation. I think this thread should be merged with the other.
that's true, although this is a bit pointless because only msie supports that "security" feature.
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.