Closed Bug 427427 Opened 18 years ago Closed 18 years ago

<img src=file://nul ........... >

Categories

(Toolkit Graveyard :: Error Console, enhancement)

Product:
Toolkit Graveyard
Component:
Error Console
Platform:
x86
Windows 98
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: zero794, Unassigned)

Details

Attachments

(2 files)

testcase
75 bytes, text/html
Details
Testcase with file:///
76 bytes, text/html
Details
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98) Build Identifier: I'm using some kind of a filtering proxy, and one (among others) thing it does is to disable specific images. In particular, it turns them into: <img src=file://nul ........... > The Mozilla generates a "security warning" for these tags, stating the target doen't exist. (And it adds "/." to the path. Why?) Don't check for the file existance, just open it & catch errors, if any! Reproducible: Always
the security error should tell you all, remote content isn't allowed to link to local content
Status: UNCONFIRMED → RESOLVED
Closed: 18 years ago
Resolution: --- → INVALID
Ok on your explanation, Matthias. But why does Firefox add "/.", and does say "not found" warning instead of the "access denied"? There's something to fix anyway, I believe.
Status: RESOLVED → UNCONFIRMED
Resolution: INVALID → ---
what is the full error message, you can copy it from the error console. the file syntax is file://server/path_to/file. You didn't add a version of the used product as you have to do.
Attached file testcase
using the error message i get : Security Error: Content at https://bugzilla.mozilla.org/attachment.cgi?id=314820 may not load or link to file://nul/. the /. is added because file://nul doesn't link to a file, just to a server and the next link to a file would be file://nul/. The "." is the . between "filename.extension" i would guess.
Status: UNCONFIRMED → RESOLVED
Closed: 18 years ago18 years ago
Resolution: --- → INVALID
Attached file Testcase with file:///
You get the correct error message with a correct link to a file: Security Error: Content at http://server600/test.html may not load or link to file:///nul. The point is again from the extension because you try to link to a nul. file. (you can not link to devices)
Thank you, Matti, for showing me the significance of "file:///"; I knew nothing of it before. You said I can't link to device. But I think developers can make a few safe exclusions from this rule, for the "nul" device in particular. That's why a turned all the stuff to "enhancement" status. Sure, the conversation is over.
Severity: normal → enhancement
Status: RESOLVED → UNCONFIRMED
Resolution: INVALID → ---
Sorry, i did a misspelling. Please read as following: That's why i turned all the stuff to "enhancement" status.
You can not only link to devicenames, you can also not link from http:// to file:// URLs. That's why you get a this security error. You can't for example change the link file://nul to a valid 1x1 pixel valid image on your hdd (file:///image.gif ) because you would also get this security error. I would in your case use my local http server for that or use a image from my router interface and set the size to 1x1 pixel (via proxy). Allowing linking to local files and also to devicenames is wontfix, sorry
Status: UNCONFIRMED → RESOLVED
Closed: 18 years ago18 years ago
Resolution: --- → WONTFIX
Product: Firefox → Toolkit
Product: Toolkit → Toolkit Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: