Open Bug 424860 Opened 16 years ago Updated 2 years ago

Change nsContentUtils::URIIsLocalFile() name or signature

Categories

(Core :: Security: CAPS, defect)

Product:
Core
Component:
Security: CAPS
Type:
defect

Tracking

()

People

(Reporter: dveditz, Assigned: dveditz)

References

Details

The helper function nsContentUtils::URIIsLocalFile() was added for bug 402983 but the name may lead people into doing the wrong thing. For the purposes of file: uri security checks (bug 402983) we did not want to de-nest jar: uris, but just about anywhere else in the product we will always want to use the innermost URI for these kinds of checks.

Options:
- rename it to OuterURIIsLocalFile() (and optionally create a de-nesting version
- change the signature to include a "de-nest" boolean parameter (and default true)

Incidentally we should document why we didn't just QI to nsIFileURL. resource: URIs are also nsIFileURLs and we explicitly want to exclude them in this case. We checked the protocol handler flags instead, but a schemeIs check might have been simpler.

Maybe we should have checked for the literal "file:" scheme instead.
Depends on: 402983
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.