Closed Bug 359402 Opened 18 years ago Closed 18 years ago

Loading remote images in RSS articles is broken

Categories

(Thunderbird :: General, defect)

x86
Windows XP
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED
Thunderbird2.0

People

(Reporter: mscott, Assigned: mscott)

Details

(Keywords: verified1.8.1.3)

Bug 330443 caused a regression on the trunk for RSS feeds which are loading the web page in an iframe.

i.e.

<iframe src="http url for the article">

The requesting location for the image is the src of the iframe and not the mailbox URL loading the message. We end up always denying the load because we can't get the information we need. Before 330443 we threw an error so the content policy manager ignored our reject request. After 330443 landed, we don't return an error so the reject decision takes place.
Blocks: 330443
Flags: blocking-thunderbird2+
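The behaviour described in the report above, as an added C++ model that is not Thunderbird's code: a policy manager that skips any policy returning an error, and the mail policy's reject for a non-message requesting location before and after bug 330443. All type and function names, the `mailbox:` prefix check and the sample URLs are assumptions made for the illustration.

```cpp
// Added model; every name here is hypothetical, not Thunderbird's own code.
#include <functional>
#include <iostream>
#include <string>
#include <vector>

enum class Decision { Accept, Reject };
struct PolicyResult { bool ok; Decision decision; };  // ok == false models an error return

// A policy sees the content URL and the location that requested the load.
using Policy = std::function<PolicyResult(const std::string&, const std::string&)>;

// Assumption: only a mailbox: URL can be mapped back to the message being shown.
static bool IsMessageUrl(const std::string& url) { return url.rfind("mailbox:", 0) == 0; }

// Before bug 330443: requester is not a message, so reject AND report an error.
PolicyResult MailPolicyBefore(const std::string&, const std::string& requester) {
    if (!IsMessageUrl(requester)) return {false, Decision::Reject};
    return {true, Decision::Accept};  // per-message remote content checks omitted
}

// After bug 330443: the same reject, now reported without an error.
PolicyResult MailPolicyAfter(const std::string&, const std::string& requester) {
    if (!IsMessageUrl(requester)) return {true, Decision::Reject};
    return {true, Decision::Accept};
}

// Manager: a policy that errors is skipped, so its reject never takes effect.
Decision CheckLoad(const std::vector<Policy>& policies,
                   const std::string& content, const std::string& requester) {
    for (const auto& policy : policies) {
        PolicyResult r = policy(content, requester);
        if (r.ok && r.decision == Decision::Reject) return Decision::Reject;
    }
    return Decision::Accept;
}

int main() {
    // Constructed URLs: an image requested by the page loaded in the RSS iframe.
    const std::string image = "http://feed.example/photo.jpg";
    const std::string frame = "http://feed.example/article.html";
    std::vector<Policy> before{Policy(MailPolicyBefore)}, after{Policy(MailPolicyAfter)};
    std::cout << "before 330443: "
              << (CheckLoad(before, image, frame) == Decision::Accept ? "loads" : "blocked")
              << "\nafter 330443:  "
              << (CheckLoad(after, image, frame) == Decision::Accept ? "loads" : "blocked")
              << "\n";
    return 0;
}
```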
Using version 3 alpha 1 (20061102) I see the exception below in the error console:
Error: uncaught exception: [Exception... "Security error"  code: "1000" nsresult: "0x805303e8 (NS_ERROR_DOM_SECURITY_ERR)"  location: "<unknown>"]
BUT..The html page in question does load, even with the error.
I'm only bringing this up due to the possibility that the intended security restriction in #330443 is being ignored. I for one, indeed think that many of these
"security" changes are much too limiting, so personally don't care.
Just an FYI on the security implications.
Source for the rss feed:
<html>
  <head>
    <title>The Burning Mountain</title>
    <base href="http://www.nasa.gov/multimedia/imagegallery/image_feature_690.html">
    <style type="text/css">
      
      body {
        margin: 0;
        border: none;
        padding: 0;
      }
      iframe {
        position: fixed;
        top: 0;
        right: 0;
        bottom: 0;
        left: 0;
        border: none;
      }

    </style>
  </head>
  <body>
    
    <iframe id ="_mailrssiframe" src="http://www.nasa.gov/multimedia/imagegallery/image_feature_690.html">
      Over 120 million years ago, a single mass of granite punched through the Earth's crust and intruded into the heart of the Namib Desert in what is now northern Namibia
    </iframe>

  </body>
</html>

I've fixed this regression on the trunk as part of Bug 359479, which is a security bug that you can't see. Sorry! But it should be fixed in tomorrow's builds.
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
This got fixed on the branch as well when Bug 359479 landed there.
Keywords: fixed1.8.1.1
Verified fixed 1.8.1.3 on Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.8.1.3) Gecko/20070326 Thunderbird/2.0.0.0 Mnenhy/0.7.5.0 ID:2007032620 - tested the remote images in RSS Articles and it's working fine.