Closed
Bug 305978
Opened 19 years ago
Closed 18 years ago
onunload trap - View Source shows the URL you tried to load, not the URL that was loaded
Categories
(Toolkit :: View Source, defect)
Toolkit
View Source
Tracking
()
RESOLVED
DUPLICATE
of bug 253497
People
(Reporter: boonstoppel, Unassigned)
References
()
Details
(Whiteboard: [sg:dupe 253497])
Attachments
(1 file)
166 bytes,
text/html
|
Details |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4
after leaving the site (onunload). it may not be possible to redirect the page
somewhere else.
Reproducible: Always
Steps to Reproduce:
1. load the unload.html to into your browser
2. type new address into your addressbar
Actual Results:
the browser redirects to the url defined in the onunlad function
Expected Results:
ignore redirectings after manually leaving the site...?
Reporter | ||
Comment 1•19 years ago
|
||
if you "view the source" after the redirect. you see the source of page you
typed into your addressbar.
Reporter | ||
Comment 2•19 years ago
|
||
if you view the source-code after the page redirected. you see the source of
the page you typed into addressbar. but you see the page the browser redirected
to.
Comment 3•19 years ago
|
||
This is mostly a dup of bug 251944. I'm morphing this bug to only cover the
View Source issue, which isn't mentioned in bug 251944.
Confirmed with Firefox 1.0.6 on Mac.
I can reproduce the trapping effect on the Gecko 1.8 branch (Aug 25), but view
source works properly there.
Bug 278418 is related.
Whiteboard: [sg:fix]
Updated•19 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: if you type a new url in the addressbar the browser redirects to the defined url kicked in onunload → onunload trap - View Source shows the URL you tried to load, not the URL that was loaded
Version: unspecified → 1.0 Branch
Comment 4•19 years ago
|
||
I filed bug 305995 on a Gecko1.8/trunk crash with the same testcase.
Updated•19 years ago
|
Flags: blocking-aviary1.0.7?
Comment 5•19 years ago
|
||
I still see the same view-source issue with Firefox 1.5 using the attached testcase. Is this really a security issue? A site could use it in an attempt to obscure their source code (by forcing you through some other site first) but that's pretty weak (the web-developer extension "view-source" feature sees right through it, as would something like wget).
Can we clear the security flag?
Flags: blocking-aviary1.0.8? → blocking-aviary1.0.8-
Version: 1.0 Branch → unspecified
Comment 6•19 years ago
|
||
I'm not too worried about the fact that you see the wrong stuff when you View Source. I'm more worried that things other than View Source might get the page's URL in the same way.
Updated•19 years ago
|
Whiteboard: [sg:fix] → [sg:investigate]
Updated•18 years ago
|
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → DUPLICATE
Updated•18 years ago
|
Group: security
Whiteboard: [sg:investigate] → [sg:dupe 253497]
Assignee | ||
Updated•16 years ago
|
Product: Firefox → Toolkit
You need to log in
before you can comment on or make changes to this bug.
Description
•