Closed Bug 284878 Opened 20 years ago Closed 20 years ago

the false value for security.checkloadURI does like the true value

Categories

(Firefox :: Settings UI, defect)

Product:
Firefox
Component:
Settings UI
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: snap.56k, Assigned: bugs)

References

(
URL
)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; fr-FR; rv:1.7.6) Gecko/20050226 Firefox/1.0.1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr-FR; rv:1.7.6) Gecko/20050226 Firefox/1.0.1

By default, Firefox disable online websites to reach local files. But there is
some non-evil website providing "Skin pack": the user download all the skin
files, and the website try to load them with a <img
src="file:///c/website/skin/pic.jpg" />. It's better for the server and the user...
So there is the security.checkloadURI pref to enable this feature, but it
doesn't work when it's set to false (disabling security protection).


Reproducible: Always

Steps to Reproduce:
1. In about:config or prefs.js, set the security.checkloadURI value to false
2. Subscribe to a online-game (like ogame.de or ogame.fr, sorry I don't know
english equivalent) wich provide some "Skin packs" or upload a HTML containing
the code in "Additional Information" (if you do this, you have to put a pic.jpg
file in c:\test\)
3. Load the webpage
Actual Results:  
Firefox doesn't show local pics

Expected Results:  
Firefox should show these when security.checkloadURI is set to false

<html>
<body>
<img src="file:///c:/test/pic.jpg" />
</body>
</html>
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → INVALID
sorry for bugspam, long-overdue mass reassign of ancient QA contact bugs,
filter on "beltznerLovesGoats" to get rid of this mass change
QA Contact: mconnor → preferences
You need to log in before you can comment on or make changes to this bug.