Closed
Bug 291627
Opened 19 years ago
Closed 19 years ago
download manager displays wrong filename when downloading data: url
Categories
(Toolkit :: Downloads API, defect)
RESOLVED
DUPLICATE
of bug 291064
People
(Reporter: pvnick, Assigned: dveditz)
Details
(Keywords: regression, Whiteboard: [sg:fix])
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.40607)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3

When a specially crafted data: URL is navigated to, the download manager asks the user if he/she wants to open or save the file. However, it displays the location of the file, not the actual filename.

Reproducible: Always

Steps to Reproduce:
1. Navigate to the address data:application/hta;ISO-8859-1,<script>alert (location.href)</script>
2. Choose "Save"
3. Open the file

Actual Results:
mshta.exe opens a file containing <script>alert(location.href)</script>

Expected Results:
Display the filename of the target file, not the address.

This could be performed by gullible/ignorant web users to unknowingly compromise their system.
Comment 1•19 years ago (Assignee)
This is dependent on bugs 290829, 291064 -- those bugs fix dialog breakage for nsSimpleURL types such as data:
The exception thrown in initIntro() aborts the setup code before it does the isExecutable checks, among other things.
Assignee: bugs → dveditz
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: blocking-aviary1.1+
Flags: blocking-aviary1.0.4?
Keywords: regression
Whiteboard: [sg:fix]
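
The failure mode comment 1 describes, as an added JavaScript example that is not part of the bug thread and not Mozilla's code: a setup step that throws for data: URLs skips the executable check that follows it, while the reordered version fails closed. The helpers `fileNameOf`, `openDialog`, `setupFragile` and `setupHardened`, the type list and the sample URL are assumptions made for illustration.

```javascript
// Constructed model of a download prompt's setup; not Mozilla's code.
// Assumption: "simple" URLs such as data: have no file-name part, and asking
// for one throws (the kind of failure comment 1 describes in initIntro()).
function fileNameOf(url) {
  if (/^data:/i.test(url)) throw new TypeError("simple URL has no file name");
  return new URL(url).pathname.split("/").pop();
}

// Assumption: short illustrative list, not a complete one.
const EXECUTABLE_TYPES = new Set(["application/hta", "application/x-msdownload"]);
const isExecutable = (mimeType) => EXECUTABLE_TYPES.has(mimeType.toLowerCase());

// The dialog is displayed whether or not setup finished, starting from defaults.
function openDialog(setup, url, mimeType) {
  const dlg = { label: url, warnExecutable: false, setupError: null };
  try { setup(dlg, url, mimeType); } catch (e) { dlg.setupError = e.message; }
  return dlg;
}

// Fragile order: the label step runs first, so its exception skips the check.
function setupFragile(dlg, url, mimeType) {
  dlg.label = fileNameOf(url);                 // label step, throws for data:
  dlg.warnExecutable = isExecutable(mimeType); // never reached for data:
}

// Hardened order: decide the warning first, default it to "on" if anything
// fails, and give URLs without a file name a neutral label instead of throwing.
function setupHardened(dlg, url, mimeType) {
  dlg.warnExecutable = true;                   // fail closed
  dlg.warnExecutable = isExecutable(mimeType);
  try {
    dlg.label = fileNameOf(url);
  } catch (e) {
    dlg.label = "(unnamed " + mimeType + " content)";
  }
}

// Constructed sample input, shaped like the report's data: URL.
const SAMPLE = "data:application/hta,constructed-sample";
console.log(openDialog(setupFragile, SAMPLE, "application/hta"));
console.log(openDialog(setupHardened, SAMPLE, "application/hta"));
```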
Comment 2•19 years ago (Assignee)
testcase URL is missing, might as well dupe to the fix

*** This bug has been marked as a duplicate of 291064 ***
Status: NEW → RESOLVED
Closed: 19 years ago
Flags: blocking-aviary1.0.5?
Resolution: --- → DUPLICATE
Updated•19 years ago (Assignee)
Group: security
Updated•16 years ago
Product: Firefox → Toolkit