Fix string URI consumers to use CheckLoadURIStr

RESOLVED INVALID

Status

RESOLVED INVALID
13 years ago
12 years ago

People

(Reporter: bzbarsky, Assigned: csthomas)

Tracking

Trunk
x86
Linux

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment, 1 obsolete attachment)

At least the following consumers in Seamonkey code use CheckLoadURI for strings, which we've discovered (in bug 334341) is unsafe:

<method name="onLinkAdded"> in tabbrowser.xml

These should probably be switched to CheckLoadURIStr or something...  And other consumers of CheckLoadURI should be checked over.
Flags: blocking-seamonkey1.1a?
Flags: blocking-seamonkey1.0.2?

Comment 1

13 years ago
We certainly want this fixed for any upcoming release, esp. security releases :)
Flags: blocking-seamonkey1.1a?
Flags: blocking-seamonkey1.1a+
Flags: blocking-seamonkey1.0.2?
Flags: blocking-seamonkey1.0.2+
http://developer.mozilla.org/en/docs/Safely_loading_URIs has some information about this. Basically, everything that ends up loading URIs via a docshell should use checkLoadURIStr instead of checkLoadURI to ensure that the fixed up URI is also checked.
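
The point above (the check has to cover the fixed-up URI, which only matters for a loader that applies fixup), as an added JavaScript model that is not part of the original bug and is not Mozilla's code. The denied-scheme list, the `fixup` rules and the sample strings are constructed assumptions; they do not reproduce the behaviour found in bug 334341.

```javascript
// Simplified model (constructed; not Mozilla source). DENIED and fixup()
// are hypothetical stand-ins for the real load policy and docshell URI fixup.
const DENIED = new Set(["chrome", "file"]);

// Scheme of a spec, or null when the text does not start with one.
function schemeOf(spec) {
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(spec);
  return m ? m[1].toLowerCase() : null;
}

// Stand-in fixup: tidy the string the way a loader might before loading it.
function fixup(str) {
  const t = str.trim();
  return schemeOf(t) ? t : "http://" + t;
}

// Policy decision for one concrete spec.
function allowed(spec) {
  const s = schemeOf(spec);
  return !(s && DENIED.has(s));
}

// checkLoadURI-style: judges only the URI exactly as handed over.
function checkAsGiven(str) { return allowed(str); }

// checkLoadURIStr-style: judges the string as given and its fixed-up form.
function checkWithFixup(str) { return allowed(str) && allowed(fixup(str)); }

// Compare both checks with what a fixup-based loader would really load.
function audit(str) {
  const loaded = fixup(str);
  return {
    loaded,
    asGiven: checkAsGiven(str),
    withFixup: checkWithFixup(str),
    // A gap exists when the check passed but the loaded URI is denied.
    gap: checkAsGiven(str) && !allowed(loaded),
  };
}

// Constructed sample inputs.
for (const s of ["example.org/icon.png", "file:///tmp/a", "  file:///tmp/a"]) {
  console.log(JSON.stringify(s), audit(s));
}
```

A consumer that loads the already-parsed URI without any fixup step never reaches the `gap` case, because the URI it checked is the URI it loads.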
Created attachment 221771
patch

My best guess (well, the other option is to pass href directly, but if we use the uri for the load, might as well use its spec).
Attachment #221771 - Flags: review?(neil)
Created attachment 221776
v2
Assignee: general → cst
Attachment #221771 - Attachment is obsolete: true
Status: NEW → ASSIGNED
Attachment #221776 - Flags: review?(bzbarsky)
Attachment #221771 - Flags: review?(neil)
Comment on attachment 221776
v2

I'm not a peer for this code.  Please don't ask me for review on UI patches, in general...
Attachment #221776 - Flags: review?(bzbarsky)

Comment 6

12 years ago
(In reply to comment #2)
>Basically, everything that ends up loading URIs via a docshell should use
>checkLoadURIStr instead of checkLoadURI
Except this URI isn't loading via a docshell, it's the source of an image.
bz: feel free to reopen if I've misunderstood this bug.
Status: ASSIGNED → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → INVALID
No, if this is loading an image then it's fine.

Updated

12 years ago
Attachment #221776 - Flags: review?(neil)
Group: security
Flags: blocking-seamonkey1.1a+
Flags: blocking-seamonkey1.0.2+