Closed
Bug 312229
Opened 19 years ago
Closed 19 years ago
Security settings do not allow for localhost pages to use file:// protocol
Categories
(Firefox :: Security, enhancement)
Tracking
()
RESOLVED
DUPLICATE
of bug 233108
People
(Reporter: nzonegus, Unassigned)
References
()
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7 I use webhhtrack to mirror pages and information from the web. It's server runs on the local machine and stores everythign on the local machine, but does not "serve" the mirrored pages. For example, I access the server at localhost:8080 and can mirror pages using this interface. But when I use it to view my mirrored pages, it attempts to change the location [via "window.open()"] to "file://f:/ebooks" --- this is where I mirror everything. After checking the javascript console, I find a security error. I eventually found the setting to control it, but switching that would open up a security vulnerability (Internet pages loading files from the local system). So instead of always blocking, a setting be created to allow/disallow localhost to access the file protocol and another to force a prompt. Reproducible: Always Steps to Reproduce: 1.start a small webserver on the host system. 2.create a local web pages using it that contains a link to a file on the system. The link should be absolute and use the "file://" protocol 3.access the page using browser (ex. "localhost//testpage.html") 4.click on the link Actual Results: The browser will not show the page, nor will it show an error. Expected Results: It should have shown the page, but I understand the potential security issue here. Maybe, policy settings could be implemented?
Comment 1•19 years ago
|
||
Already fixed for Firefox 1.5, I think in bug 233108. See also bug 307382. *** This bug has been marked as a duplicate of 233108 ***
Group: security
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
Comment 2•19 years ago
|
||
http://kb.mozillazine.org/Links_to_local_pages_don%27t_work has instructions for using the new prefs.
You need to log in
before you can comment on or make changes to this bug.
Description
•