Closed Bug 311482 Opened 19 years ago Closed 19 years ago

After setting security.checkloaduri to false, file URLs are still forbidden

Categories

(Firefox :: General, defect)

x86
Windows XP
defect
Not set
normal

Tracking

()

RESOLVED INVALID

People

(Reporter: s.marshall, Unassigned)

References

()

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b5) Gecko/20051006 Firefox/1.4.1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b5) Gecko/20051006 Firefox/1.4.1

In Firefox 1.5 beta 2, I am trying to make pages with links to file URLs, such
as the following:

<script src="file:///c:/hack.js" type="text/javascript"></script>

This is prevented by a security error which appears in the Javascript console:

Security Error: Content at
http://lyceum.open.ac.uk/temp/firefoxbugs/filelinks.html may not load or link to
file:///c:/hack.js.

This behaviour is as designed. But, available documentation suggests that if you
set the property security.checkloaduri to false, this check should be bypassed
(thus allowing developers etc. to make their own browsers work). In fact,
setting that property to false in about:config makes no difference and the error
still appears.







Reproducible: Always

Steps to Reproduce:
1. In about:config, set security.checkloaduri to false
2. Open Javascript console and clear it
3. Visit http://lyceum.open.ac.uk/temp/firefoxbugs/filelinks.html

Actual Results:  
Security errors appear in the javascript console.

Expected Results:  
After turning off security.checkloaduri there should be no security errors. If
you have the file c:\hack.js, it should run.

Maybe this is a documentation issue and there's some other preference that needs
setting? security.checkloaduri is the only one I found when googling for that
message.
This pref does no longer exist in newer Firefox releases, see:

http://kb.mozillazine.org/Links_to_local_pages_don%27t_work
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → INVALID
*** Bug 312684 has been marked as a duplicate of this bug. ***
*** Bug 331348 has been marked as a duplicate of this bug. ***
You need to log in before you can comment on or make changes to this bug.