Closed Bug 264968 Opened 21 years ago Closed 21 years ago

[v1.8a5-1016+ nightlies] 'file://' images from http website are blocked by security !

Categories

(SeaMonkey :: General, defect)

Product:
SeaMonkey
Component:
General
Platform:
x86
Windows 98
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
VERIFIED INVALID
Milestone:
mozilla1.8alpha5

People

(Reporter: sgautherie, Unassigned)

References

(
URL
)

Details

(Keywords: regression)

Attachments

(2 files, 3 obsolete files)

v1.8a4, good display
105.70 KB, image/jpeg
Details
v1.8a5-1016, bad display
89.32 KB, image/jpeg
Details
Observed will testing bug 263653 comment 11: [Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8a4) Gecko/20040927] (release) (W98SE) and previous trunk Page displays(/saves) fine. Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8a5) Gecko/20041017 Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8a5) Gecko/20041018 Very buggy. I never saw this kind of behaviour before, and don't have a clue about it. I'll attached 3 files to show the 'Save Page As (Html Only)' results.
I used v1.7.3 as a _reference_, because v1.8a4 displays fine, but has bug 263653 which prevents saving this page.
This one displays and saves fine, but is not how I usually use the site.
This should be like v1.7.3/FILE, but is not: the right part of the page almost doesn't display, and Save As just saves 3 KB out of 35 KB :-((
Attachment #162523 - Attachment description: Saved page, by v1.7.3 → Saved page, by v1.7.3 using FILE images, WORKING
Attachment #162524 - Attachment description: Saved page, by v1.8a5 using HTTP images → Saved page, by v1.8a5-18 using HTTP images
Attachment #162525 - Attachment description: Saved page, by v1.8a5 using FILE images, BROKEN → Saved page, by v1.8a5-18 using FILE images, BROKEN
Boris: Tell me if you have a hint, or if I should play nighly-testing some more... NB: Of course, the file:// url in the attachements won't have anything to load on your computer :-/ (but it doesn't matter to see the SaveAs issue)
Target Milestone: --- → mozilla1.8alpha5
Summary: [v1.8a5 nighlies] A case of page displaying very badly, and Save Page As truncating the source ! → [v1.8a5 nightlies] A case of page displaying very badly, and Save Page As truncating the source
So how do I reproduce this bug, exactly? All I see is a URL that works fine in the URL field and three attachments that have totally different HTML. Please either provide steps to reproduce (and don't file bugs as NEW without such) or provide a minimal testcase.... Failing either of those, the one-day regression window may help, yes.
(In reply to comment #5) Steps: similar to bug 263653 = too hard to explain/... :-( Testcase: I don't have a clue on what triggers this bug. > Failing either of those, the one-day regression window may help, yes. Done :-/ Regressed between 2004-10-15-06-trunk and 2004-10-16-07-trunk ! Working: 2004-09-29-07-trunk Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8a5) Gecko/20040929 2004-10-09-07-trunk Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8a5) Gecko/20041009 2004-10-13-06-trunk Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8a5) Gecko/20041013 2004-10-15-06-trunk Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8a5) Gecko/20041015 Regressed: 2004-10-16-07-trunk Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8a5) Gecko/20041016 2004-10-17-07-trunk Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8a5) Gecko/20041017
Attached image v1.8a4, good display
Attachment #162523 - Attachment is obsolete: true
Attachment #162524 - Attachment is obsolete: true
Attachment #162525 - Attachment is obsolete: true
Part Display) I checked the display part only while testing nighlies. Part SavePageAs) Then I checked the save part on Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8a5) Gecko/20041016 only, and it worked fine. Either something went wrong in my initial test, or it's a new bug in v1.8a5-1017 or v1.8a5-1018 !? Let's solve the display issue, then I'll check again for the save issue.
Summary: [v1.8a5 nightlies] A case of page displaying very badly, and Save Page As truncating the source → [v1.8a5-1016+ nightlies] A case of page displaying very badly ! (and Save Page As truncating the source ?)
> Regressed between 2004-10-15-06-trunk and 2004-10-16-07-trunk ! Oh, I see. This page was loading the images from a file:// URI? That's when we landed a security check for that sort of crap. See bug 69070. In short, untrusted pages can't do that anymore.
Right: I was/am too tired to have thought to look at the JS.C.: plenty of {{ Security Error: Content at http://www.battle-arenas.net/arenes.php may not load or link to file:///W:/Progs/@Battle-Arenas/ba_pack/arene/sols/sa_x_0.gif. }} I read (quickly) bug 69070... The case is: this site is a "graphical" game site, and there is a zip file to download and uncompress on local disk to speed up the display of all the images, this makes less use of HTTP and server ressources too: that's all the file:// images. The question is: I understand the security interest of the fix, but (how) can the previous behaviour/benefits be achieved now ?
At the moment, they cannot. Once bug 233108 is fixed, you could allow just this site access to your hard drive (taking the associated security risks, of course). Marking invalid, since it sounds like things are working the way they should be.
-> INVALID per comments.
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → INVALID
Agreed. I checked again the SaveAs issue with 1016, 1017, 1018 nighlies: couldn't reproduce. Sorry.
Severity: critical → major
Status: RESOLVED → VERIFIED
Summary: [v1.8a5-1016+ nightlies] A case of page displaying very badly ! (and Save Page As truncating the source ?) → [v1.8a5-1016+ nightlies] 'file://' images from http website are blocked by security !
Product: Browser → Seamonkey
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: