Closed
Bug 42076
Opened 24 years ago
Closed 24 years ago
Non-chrome URLs not able to load chrome URLs
Categories
(Core :: Networking, defect, P3)
Tracking
()
VERIFIED
FIXED
People
(Reporter: hyatt, Assigned: security-bugs)
References
Details
(Keywords: regression, Whiteboard: [dogfood+] Patch Available)
Attachments
(1 file)
940 bytes,
patch
|
Details | Diff | Splinter Review |
Something has changed so that a local file e.g., a local XUL file cannot load a chrome URL skin. There is no security problem here. This is another bad regression that needs to be fixed.
Comment 3•24 years ago
|
||
I guess this must be because of the changes mstoltz did to nsScriptSecurityManager.cpp (line 570) on 06-01-2000 (Version 1.73). There was a new url class introduced (LocalProtocol) which can only by called by urls of the same class. Currently only resource and chrome are in that class. cc-ing mstoltz.
Assignee | ||
Comment 4•24 years ago
|
||
David, Could you tel me more specifically what behavior is required? When you say 'local XUL file,' is it a file loaded from a file:// URL? Do file:// URLs need to be able to access chrome:// URLs? Our security policy for which URLs can load which URLs is set out in nsScriptSecurityManager::CheckLoadURI. Could you please take a look at this function and tell me what changes should be made to the policy?
Reporter | ||
Comment 7•24 years ago
|
||
Chrome URLS should be loadable by anyone. An HTTP or FILE URL should be able to load a chrome skin file or use chrome overlays.
Assignee | ||
Comment 9•24 years ago
|
||
Reporter | ||
Comment 10•24 years ago
|
||
evaughan is going to look at your patch, mitch, and let you know if it works.
Comment 11•24 years ago
|
||
Yep this patch works. Looks good.
Comment 12•24 years ago
|
||
*** Bug 42481 has been marked as a duplicate of this bug. ***
Assignee | ||
Comment 13•24 years ago
|
||
*** Bug 42482 has been marked as a duplicate of this bug. ***
Updated•24 years ago
|
Whiteboard: [dogfood+] → [dogfood+] Patch Available
Assignee | ||
Comment 14•24 years ago
|
||
Fix checked in.
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•