296708 - <img src="file:///C:/blah.png"> fails to load

Status: RESOLVED INVALID

(Firefox :: File Handling, defect)

Description

[ajbaxter]

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.7.8) Gecko/20050511 Firefox/1.0.4
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.7.8) Gecko/20050511 Firefox/1.0.4

loading an image off the local hard drive doesnt work.
works in IE6, almost works in Opera7.53
adviced it fails due to potential security risk; yet the URL the page came from
was literally 127.0.0.1/



Reproducible: Always

Steps to Reproduce:
1. place a p.png file in C:/
2. look at  http://www.fourspace.com.au/t5.html  it validates with w3.org

Actual Results:  
IE6 displays the image, Opera gets all details and makes placeholder but does
not render the pixels;  Firefox1.0.4 (appears to) ignores the whole html tag.

Expected Results:  
displayed the image.

if its a "security" issue to load an image from the local hard drive; the fact
the URL was obtained from 127.0.0.1 should turn off that security "feature".

Comment 1

[:Gavin Sharp [email: gavin@gavinsharp.com]]

See bug 176502, bug 272100, bug 268778, bug 282798 and a hundred others. Remote
sites linking to local content is a security issue, and is therefore not allowed.

Comment 2

[ajbaxter]

the html was loaded from 127.0.0.1  (there is no security risk).
how about a secret hidden down the back somewhere feature i can turn on, that 
allows html from 127.0.0.1 to load local images.

Comment 3

[:Gavin Sharp [email: gavin@gavinsharp.com]]

You can set the "security.checkloaduri" pref to false if you want to allow this,
but that could potentially allow cross site scripting and other attacks, so I
woul strongly recommend you not do that for day to day browsing.