412420 - (i)Frame still inherits charset of parent frame if parent frame exists on local file

Status: RESOLVED DUPLICATE of bug 408457

(Core :: Security, defect)

Description

[Masahiro YAMADA]

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; ja; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; ja; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11

Bug 356280 is already fixed. But If parent frame exists on local file (May be other scheme can do), script is still executed.

Reproducible: Always

Steps to Reproduce:
1.Download attachment 251186 [details] to your local directory
2.Open it
3.Change encoding to UTF-7.
Actual Results:  
Script written in UTF-7 is executed

Expected Results:  
Script written in UTF-7 is should not executed

It may be danger when local file is exists on removable media.

Also reproduced at:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b3pre) Gecko/2008011405 Minefield/3.0b3pre

Comment 1

[Masahiro YAMADA]

This issue seems to be related as Bug 408457 or Bug 406777. (may be dup)

Comment 2

[Brandon Sterne (:bsterne)]

I see the same behavior for the testcase served from b.m.o as well as the same file served locally: that each child iframe inherits the character encoding from its parent when the character set is manually overridden in the parent.

The bug title implies that character encoding is _not_ inherited by child (i)frames when the parent frame is remote.  This doesn't appear to be the case.

Per comment 1, I agree that this can be marked a dup of bug 408457.

Tested with:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11