Open Bug 302846 Opened 20 years ago Updated 3 years ago

nsSecurityManager::GetBaseURIScheme should assume "about safe"

Tracking

()

Status:

NEW

People

(Reporter: dveditz, Assigned: dveditz)

Details

Daniel Veditz [:dveditz]

Assignee

Description

•

20 years ago

nsSecurityManager::GetBaseURIScheme has a list of about: pages that get turned into "about safe" for checkLoadURI comparisons. It would be a shorter list of strcmps, and a safer default when new about schemes are added, if we assumed "safe" and required the privileged ones to be explicitly listed.

Boris Zbarsky [:bzbarsky]

Comment 1

•

20 years ago

Aren't the "safe" ones allowed to be linked to from untrusted content?

Phil Ringnalda (:philor)

Updated

•

16 years ago

QA Contact: caps

BMO Automation

Updated

•

3 years ago

Severity: normal → S3

You need to log in before you can comment on or make changes to this bug.

Bugzilla

nsSecurityManager::GetBaseURIScheme should assume "about safe"

Categories

(Core :: Security: CAPS, defect)

Tracking

()

People

(Reporter: dveditz, Assigned: dveditz)

References

Details

Crash Data

Security

(public)

User Story

Description

Comment 1

Updated

Updated