<img src="file:///C:/blah.png"> fails to load

RESOLVED INVALID

Status

()

Firefox
File Handling
RESOLVED INVALID
13 years ago
13 years ago

People

(Reporter: ajbaxter, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

13 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.7.8) Gecko/20050511 Firefox/1.0.4
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.7.8) Gecko/20050511 Firefox/1.0.4

loading an image off the local hard drive doesnt work.
works in IE6, almost works in Opera7.53
adviced it fails due to potential security risk; yet the URL the page came from
was literally 127.0.0.1/



Reproducible: Always

Steps to Reproduce:
1. place a p.png file in C:/
2. look at  http://www.fourspace.com.au/t5.html  it validates with w3.org

Actual Results:  
IE6 displays the image, Opera gets all details and makes placeholder but does
not render the pixels;  Firefox1.0.4 (appears to) ignores the whole html tag.

Expected Results:  
displayed the image.

if its a "security" issue to load an image from the local hard drive; the fact
the URL was obtained from 127.0.0.1 should turn off that security "feature".
(Reporter)

Updated

13 years ago
Version: unspecified → 1.0 Branch
See bug 176502, bug 272100, bug 268778, bug 282798 and a hundred others. Remote
sites linking to local content is a security issue, and is therefore not allowed.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 13 years ago
Resolution: --- → INVALID
Version: 1.0 Branch → unspecified
(Reporter)

Comment 2

13 years ago
the html was loaded from 127.0.0.1  (there is no security risk).
how about a secret hidden down the back somewhere feature i can turn on, that 
allows html from 127.0.0.1 to load local images.





Status: RESOLVED → UNCONFIRMED
Resolution: INVALID → ---
You can set the "security.checkloaduri" pref to false if you want to allow this,
but that could potentially allow cross site scripting and other attacks, so I
woul strongly recommend you not do that for day to day browsing.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 13 years ago13 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.