Closed
Bug 274045
Opened 20 years ago
Closed 20 years ago
input field not escaped
Categories
(Bugzilla :: Reporting/Charting, defect)
Tracking
()
VERIFIED
DUPLICATE
of bug 273085
People
(Reporter: bugzilla, Assigned: gerv)
References
()
Details
(Whiteboard: should be UNCONFIRMED)
https://bugzilla.mozilla.org/query.cgi?bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&long_desc=Error%3A%20uncaught%20exception%3A%20%5BException...%20%22Component%20returned%20failure%20code%3A%200x804b000a%20%5BnsIURI.spec%5D%22%20%20nsresult%3A%20%220x804b000a%20%28%3Cunknown%3E%29%22%20%20location%3A%20%22JS%20frame%20%3A%3A%20chrome%3A%2F%2Fbrowser%2Fcontent%2FcontentAreaUtils.js%20%3A%3A%20urlSecurityCheck%20%3A%3A%20line%2093%22%20%20data%3A%20no%5D&long_desc_type=allwordssubstr will produce a weird looking page with this: <input name="long_desc" size="40" some input field is not being escaped could perhaps be used for XSS?
Reporter | ||
Updated•20 years ago
|
Version: unspecified → 2.17.6
I don't seem to see the problem on the page - has b.m.o been fixed super-quickly, or am I looking at the wrong thing?
Assignee | ||
Comment 2•20 years ago
|
||
I don't see it on my local installation, either on the tip or the 2.18 branch. Henrik: can you attach a screenshot? Gerv
Group: webtools-security
Comment 3•20 years ago
|
||
The provided URL has an elipsis in the middle of it... was that intentional or did it get truncated when you pasted?
note that mrbkap and others have noticed signs of mozilla losing characters which would result in various problems.
Updated•20 years ago
|
OS: Windows XP → All
Hardware: PC → All
Whiteboard: should be UNCONFIRMED
(In reply to comment #3) > The provided URL has an elipsis in the middle of it... was that intentional or > did it get truncated when you pasted? > The search seems to be for the Comment: Error: uncaught exception: [Exception... "Component returned failure code: 0x804b000a [nsIURI.spec]" nsresult: "0x804b000a (<unknown>)" location: "JS frame :: chrome://browser/content/contentAreaUtils.js :: urlSecurityCheck :: line 93" data: no] WFM.
please reopen if you disagree, or remove the security flag if you agree. *** This bug has been marked as a duplicate of 273085 ***
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Updated•20 years ago
|
Group: webtools-security
Status: RESOLVED → VERIFIED
Updated•12 years ago
|
QA Contact: matty_is_a_geek → default-qa
You need to log in
before you can comment on or make changes to this bug.
Description
•