Closed Bug 448033 Opened 16 years ago Closed 15 years ago

Keyword javascript bookmarks don't show in the location bar

Categories

(Firefox :: Address Bar, defect)

Product:
Firefox
Component:
Address Bar
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 419237

People

(Reporter: Mardak, Unassigned)

References

Details

Because we filter out javascript: URIs unless the user types in "javascript:", keyworded javascript bookmarks won't show up. But typing "javascript:" can changes the desired keyword if it's a javascript URI using %s.

Jesse: Any suggestions on if we should just let keyworded bookmarks not do the javascript: check? I'm not sure if it's possible.. but potentially a text box could be in a form whose action is a javascript URI, so a user could "create keyworded bookmark for this search". A javascript uri that can process whatever the user happens to type in for %s could potentially be dangerous.. ?
That's only an issue if a user actually right-clicks on a textbox on a malicious site, selects "Add keyword for search", fills in a keyword, and then uses that keyword... right?  We should probably prevent "Add keyword for search" from using data: or javascript: URLs, but it's not a big deal.
To add to this discussion, javascript bookmarks with/without tags also can't be accessed through the autocomplete via the location bar unless "javascript:" is entered into the field.

I've seen this on the latest 3.1b3 release build on all platforms:

Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1b3) Gecko/20090305 Firefox/3.1b3
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.