Open Bug 427016 Opened 17 years ago Updated 5 years ago

Screenshot paste feature in libeditor can reveal current windows user name

Categories

(Core :: DOM: Editor, defect, P5)

x86
Windows XP
defect

Tracking

UNCONFIRMED

People

(Reporter: chtototam, Unassigned)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5

As far as I understand, the current implementation of nsHTMLEditor::InsertFromTransferable, when the pasted content is an image (typically a screenshot), saves this image to %TEMP%\moz-screenshot.jpg and pastes an img src pointing to file://<$temp>/moz-screenshot into the control. On Windows (at least 2K/XP), the %TEMP% directory typically contains the login name of the current user. As far as I understand, libeditor is used by websites when they want to use a rich edit control. This leads to the fact that when the user tries to paste an image, a URL to the file in the %TEMP% directory is supplied to the web server. Searching for http://www.google.ru/search?q=moz-screenshot+DOCUME~1 shows lots of results, so this is a common problem.

Reproducible: Always

Steps to Reproduce:
No easy steps to reproduce - I could not find a place which would allow using rich edit without needing to register. On livejournal.com it can be easily seen when creating a new post - switch to richedit, paste an image from the clipboard, switch to html and you will see <img src="file://"

Expected Results:
Ideally, use a temporary path which does not contain a user name inside. (C:\windows\temp on win?)
Version: unspecified → 3.0 Branch
Component: Shell Integration → Editor
Product: Firefox → Core
Version: 3.0 Branch → unspecified
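The report above describes a site-side symptom: the rich editor hands the page an <img> whose src is a file:// URL under the user's %TEMP% directory, and the page submits it to the server, where it is useless and leaks the login name. The following is an added example, not Firefox/libeditor code and not anything from the bug, of a filter a site could run over editor output before submission. It assumes the pasted markup looks like the `<img src="file://...">` fragment the report mentions, and the Windows profile layouts it recognises (DOCUME~1, "Documents and Settings", Users) are constructed heuristics; the sample post is constructed as well.

```javascript
// Added example (not Firefox/libeditor code): a site-side filter for rich-editor
// output before it is submitted. It assumes, as the report describes, that pasting
// a screenshot can leave an <img> whose src is a file:// URL under the user's
// %TEMP% directory; such a URL is useless to the server and embeds the login name.
"use strict";

// Matches an <img> whose src attribute uses the file: scheme; group 2 is the URL.
const FILE_IMG_RE = /<img\b[^>]*\bsrc\s*=\s*(["']?)\s*(file:[^"'\s>]*)\1[^>]*>/gi;

// Windows profile layouts that put the login name in the path (constructed
// heuristics; DOCUME~1 is the 8.3 short form the report's search query uses).
const PROFILE_RE = /[\\/](?:DOCUME~1|Documents and Settings|Users)[\\/]([^\\/]+)[\\/]/i;

// Returns the login name embedded in a local file URL, or null if none is visible.
function userNameFromFileUrl(url) {
  let decoded;
  try {
    decoded = decodeURIComponent(url);   // %20 etc. in "Documents and Settings"
  } catch (e) {
    decoded = url;                        // malformed escapes: inspect the raw form
  }
  const m = PROFILE_RE.exec(decoded);
  return m ? m[1] : null;
}

// Removes every <img> that points at a local file and reports what was dropped,
// so the page can warn the user instead of silently posting the path.
function stripLocalFileImages(html) {
  const removed = [];
  const leakedNames = [];
  const cleaned = html.replace(FILE_IMG_RE, (tag, _quote, url) => {
    removed.push(url);
    const name = userNameFromFileUrl(url);
    if (name !== null) leakedNames.push(name);
    return "";                            // drop the tag entirely
  });
  return { html: cleaned, removed, leakedNames };
}

// Constructed sample of editor output: one pasted screenshot reference of the
// kind the report describes plus one ordinary remote image that must survive.
const SAMPLE_POST =
  '<p>Look at this:</p>' +
  '<img src="file:///C:/DOCUME~1/alice/LOCALS~1/Temp/moz-screenshot.jpg">' +
  '<img src="https://example.com/logo.png" alt="logo">';

function demo() {
  return stripLocalFileImages(SAMPLE_POST);
}

console.log(JSON.stringify(demo(), null, 2));
```

The filter is deliberately scheme-based rather than path-based: any file: reference is dropped, because no browser on another machine can fetch it anyway, and the profile-name heuristic is only used to tell the user what would have been exposed.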

Bulk downgrade of the priority of unassigned, untouched DOM/Storage bugs.

If you have reason to believe this is wrong, please write a comment and ni :jstutte.

Severity: minor → S4
Priority: -- → P5