Closed Bug 42076 Opened 24 years ago Closed 24 years ago

Non-chrome URLs not able to load chrome URLs

Categories

(Core :: Networking, defect, P3)

Product:
Core
Component:
Networking
Platform:
x86
Windows 98
Type:
defect

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: hyatt, Assigned: security-bugs)

References

Details

(Keywords: regression, Whiteboard: [dogfood+] Patch Available)

Attachments

(1 file)

Patch for TEMPORARY fix. Please Review.
940 bytes, patch
Details | Diff | Splinter Review 
Something has changed so that a local file e.g., a local XUL file cannot load a 
chrome URL skin.  There is no security problem here.  This is another bad 
regression that needs to be fixed.
Nominating for dogfood.
Keywords: dogfood, regression
Putting on [dogfood+] radar.
Whiteboard: [dogfood+]
I guess this must be because of the changes mstoltz did to
nsScriptSecurityManager.cpp (line 570) on 06-01-2000 (Version 1.73). There was a
new url class introduced (LocalProtocol) which can only by called by urls of the
same class. Currently only resource and chrome are in that class. cc-ing
mstoltz.
David,
  Could you tel me more specifically what behavior is required? When you say 
'local XUL file,' is it a file loaded from a file:// URL? Do file:// URLs need to 
be able to access chrome:// URLs? Our security policy for which URLs can load 
which URLs is set out in nsScriptSecurityManager::CheckLoadURI. Could you please 
take a look at this function and tell me what changes should be made to the 
policy?

hyatt: is this a dup of bug 42073?
believe this was security-related.
Assignee: gagan → mstoltz
Chrome URLS should be loadable by anyone.  An HTTP or FILE URL should be able 
to load a chrome skin file or use chrome overlays.

*** Bug 42073 has been marked as a duplicate of this bug. ***
evaughan is going to look at your patch, mitch, and let you know if it works.

Yep this patch works. Looks good.
*** Bug 42481 has been marked as a duplicate of this bug. ***
*** Bug 42482 has been marked as a duplicate of this bug. ***
Whiteboard: [dogfood+] → [dogfood+] Patch Available
Fix checked in.
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
verified:
Win98 2000070508
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: