Closed
Bug 401343
Opened 17 years ago
Closed 17 years ago
restrict web-based protocol handlers to http/https
Categories
(Core Graveyard :: File Handling, defect, P1)
Core Graveyard
File Handling
Tracking
(Not tracked)
RESOLVED
FIXED
mozilla1.9beta2
People
(Reporter: Waldo, Assigned: florian)
References
Details
(Whiteboard: [proto][has-patch])
Attachments
(2 files)
408 bytes,
text/html
|
Details | |
2.29 KB,
patch
|
Gavin
:
review+
|
Details | Diff | Splinter Review |
I shouldn't be able to register a URI as a content handler to which I couldn't create a link. URL encoding makes this a bit tricky to actually make work, but if you can find a file whose name contains a colon, you can load it by using the newly-registered protocol. Stuff like "file:///bin/rm -rf %s" falls afoul of the encoding restriction. The example given here works for me if I create a file named "test:bar" in the right location. I tend to think we should go beyond "create a link" to "is a URL from a specific blacklist of protocols", because this works partly because file: URL objects have a non-throwing .host property, and I wouldn't trust that to always hold for anything we care about (also extensions as well).
Flags: blocking1.9?
Updated•17 years ago
|
Summary: Need some checkLoadURI love, blacklist (?) for registerContentHandler → Need some checkLoadURI love, blacklist (?) for register{Content,Protocol}Handler
Whiteboard: [proto]
Comment 1•17 years ago
|
||
At the security review for the web-based protocol handling, we tentatively decided to go one better and restrict it to http: or https: URIs until such time as someone comes up with a compelling use case for opening it up more. We might want to suggest this to the WhatWG as well.
Summary: Need some checkLoadURI love, blacklist (?) for register{Content,Protocol}Handler → restrict protocol / content handlers to http/https
Comment 2•17 years ago
|
||
Looks like the registerContentHandler used by Firefox already has this restriction; we only really need to fix registerProtocolHandler. But see also bug 401535 about how this logic really shouldn't need to be implemented once per frontend.
Updated•17 years ago
|
Summary: restrict protocol / content handlers to http/https → restrict protocol to http/https
Updated•17 years ago
|
Summary: restrict protocol to http/https → restrict web-based protocol handlers to http/https
Updated•17 years ago
|
Flags: blocking1.9? → blocking1.9+
Updated•17 years ago
|
Priority: -- → P1
Updated•17 years ago
|
Assignee: nobody → dmose
Updated•17 years ago
|
Assignee: dmose → f.qu
Assignee | ||
Comment 3•17 years ago
|
||
Attachment #287748 -
Flags: review?(gavin.sharp)
Updated•17 years ago
|
Whiteboard: [proto] → [proto][has-patch]
Updated•17 years ago
|
Priority: P1 → --
Updated•17 years ago
|
Priority: -- → P1
Comment 4•17 years ago
|
||
Comment on attachment 287748 [details] [diff] [review] patch v1 Native callers can optimize by using schemeIs rather than getting scheme and doing a compare, but since this is going through xpconnect either way it probably doesn't matter much.
Attachment #287748 -
Flags: review?(gavin.sharp) → review+
Assignee | ||
Updated•17 years ago
|
Keywords: checkin-needed
Comment 5•17 years ago
|
||
Checking in browser/components/feeds/src/WebContentConverter.js; /cvsroot/mozilla/browser/components/feeds/src/WebContentConverter.js,v <-- WebContentConverter.js new revision: 1.24; previous revision: 1.23 done
Status: NEW → RESOLVED
Closed: 17 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9 M10
Reporter | ||
Updated•17 years ago
|
Flags: in-testsuite?
Updated•8 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•