Closed
Bug 312643
Opened 19 years ago
Closed 19 years ago
phishingdetector exception for relative urls
Categories
(Thunderbird :: General, defect)
Thunderbird
General
Tracking
(Not tracked)
RESOLVED
FIXED
Thunderbird2.0
People
(Reporter: mkmelin, Assigned: mkmelin)
Details
(Keywords: fixed1.8.1)
Attachments
(1 file)
|
956 bytes,
patch
|
mscott
:
review+
mscott
:
superreview+
mscott
:
approval1.8.1+
|
Details | Diff | Splinter Review |
Mails that contain relative links e.g. <a href="somefile.html">file</a> will make the phishingdetector throw an exception -> no more checking for the message. Error: [Exception... "Component returned failure code: 0x804b000a [nsIIOService.newURI]" nsresult: "0x804b000a (<unknown>)" location: "JS frame :: chrome://messenger/content/phishingDetector.js :: isPhishingURL :: line 67" data: no] Source File: chrome://messenger/content/phishingDetector.js Line: 67 Patch coming up.
|
Assignee | |
Comment 1•19 years ago
|
||
Attachment #199758 -
Flags: review?(mscott)
|
||
Comment 2•19 years ago
|
||
Shouldn't you be passing in the baseURI of the document so that the link is resolved correctly? What happens if the email contains a <base href=""> tag? I'm not familiar with how Thunderbird displays messages with such links, but it looks to me like this patch would introduce a failure point for the phishing detector.
|
|
Assignee | |
Comment 3•19 years ago
|
||
(In reply to comment #2) > Shouldn't you be passing in the baseURI of the document so that the link is > resolved correctly? What happens if the email contains a <base href=""> tag? I'm That resolving handled by the dom automatically AFAIK. This patch wouldn't change how <base> is handled. > not familiar with how Thunderbird displays messages with such links, but it > looks to me like this patch would introduce a failure point for the phishing > detector. I don't see how. It would only make a difference in the cases where someone has included a relative link. Now we just stop checking the message because of the exception. With the patch, we go on to check the next link.
|
|
||
Comment 4•19 years ago
|
||
(In reply to comment #3) > That resolving handled by the dom automatically AFAIK. This patch wouldn't > change how <base> is handled. Ah, indeed, it's using the property and not the attribute. Nevermind! :) > I don't see how. It would only make a difference in the cases where someone has > included a relative link. Now we just stop checking the message because of the > exception. With the patch, we go on to check the next link. Right, but my example was: <base href="http://1.2.3.4/"> <a href="page.html"> and I was worried you'd be skipping over such a link.
|
||
Comment 5•19 years ago
|
||
Magnus/Gavin are you both in agreement with the patch now? Sounds like there was some discussion going on here.
|
|
||
Comment 6•19 years ago
|
||
Yes, that patch looks correct to me. If the href property cannot be parsed as a URI, the link should be harmless.
|
|
Assignee | |
Comment 7•19 years ago
|
||
Yeah, I'm ok with it too.
|
|
||
Comment 8•19 years ago
|
||
Comment on attachment 199758 [details] [diff] [review] proposed fix cool.
Attachment #199758 -
Flags: superreview+
Attachment #199758 -
Flags: review?(mscott)
Attachment #199758 -
Flags: review+
|
|
Assignee | |
Updated•19 years ago
|
Whiteboard: [has r+sr, needs checkin]
|
|
||
Comment 9•19 years ago
|
||
I can check this in later tonight.
|
|
||
Updated•19 years ago
|
Assignee: mscott → mkmelin+bugzilla
|
|
||
Comment 10•19 years ago
|
||
Checked in on the trunk. mozilla/mail/base/content/phishingDetector.js; new revision: 1.14;
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Target Milestone: --- → Thunderbird2.0
Version: 1.5 → Trunk
|
|
||
Updated•19 years ago
|
Attachment #199758 -
Flags: approval1.8.1+
|
|
||
Updated•19 years ago
|
Whiteboard: [has r+sr, needs checkin] → [checkin needed (1.8 branch)]
|
|
||
Comment 11•18 years ago
|
||
mozilla/mail/base/content/phishingDetector.js; new revision: 1.12.2.4;
Keywords: fixed1.8.1
Whiteboard: [checkin needed (1.8 branch)]
You need to log in
before you can comment on or make changes to this bug.
Description
•