Closed Bug 444694 Opened 17 years ago Closed 17 years ago

user_pref("capability.policy.localfilelinks.sites" no longer working under 3.0

Categories

(Core :: Security: CAPS, defect)

Product:
Core
Component:
Security: CAPS
Version:
1.9.0 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 405630

People

(Reporter: support, Assigned: dveditz)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0 I have some websites that I use javascripting to display a small thumbnail preview of images that are selected to be uploaded using the "browse file" webform element. Under Firefox 2.0 my previewing system worked just fine provided that the user edited their user.js file with the following lines - user_pref("capability.policy.localfilelinks.checkloaduri.enabled", "allAccess"); user_pref("capability.policy.localfilelinks.sites", "http://www.mywebsite.com"); user_pref("capability.policy.policynames", "localfilelinks"); This, while inconvenient, did allow my image preview script to work. The problem is that upgrading to Firefox 3.0 results in this functionality not working at all. I have spent countless hours surfing the net for clues as to why this is but have come up empty handed. My suggestion here is that this is not an unusual situation where a website wants to allow a visitor to be able to preview an image prior to uploading it to their servers. For those who say that this represents a security risk, think about it, the user is ALREADY committing to uploading the file to the server and in my opinion, there is actually a GREATER security risk by not allowing the user to be able to preview his image to be uploaded. What if he chose the wrong image and doesn't find out about it until after the upload? Not a good thing. Allowing the user to preview the image prior to uploading is actually MORE SECURE than not allowing this. Soooo.... Please check into why this is not working in FF 3.0 One more thing, my suggestion is to have some sort of interactive information bar that asks if the user wishes to enable this functionality in his browser with the current website in question when selecting an image for upload, sort of how the user is asked when entering his username and password if he wants FF to remember this info for future login attempts. This would be a damn sight better than requiring them to find and edit their user.js file! Reproducible: Always Steps to Reproduce: 1. 2. 3.
Assignee: nobody → dveditz
Component: General → Security: CAPS
Product: Firefox → Core
QA Contact: general → caps
Version: unspecified → 1.9.0 Branch
Albert, this works fine for me as far as I can tell. Are you sure your problem is with the checkloaduri issue and not with the fact the <input type="file"> no longer hands out the full file path to websites?
Boris - Yes you are right in that the browser is stripping out the full filepath information <input type="file"> when I try to access that info using javascript. This now breaks most of my sites webforms where I have a preview image that is supposed to display when the user selects an image for upload to my server. Is there anyway that I can get around this problem in the prefs.js file? Here is a link to a page I made that illustrates the problem I am having - http://www.stocknum.com/firefox/bug.htm Thanks - Albert Dewey CppSolutions
There is no workaround AFAIK
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
Actually, there is. You could add preferences that would grant that site UniversalFileRead privileges, and have the site request them.
You need to log in before you can comment on or make changes to this bug.