Open
Bug 459561
Opened 17 years ago
Updated 3 years ago
Eval textbox is revealed to the user if Page Style is set to "No Style"
Categories
(Firefox :: Session Restore, defect)
Tracking
()
NEW
People
(Reporter: ventnor.bugzilla, Unassigned)
References
Details
Attachments
(1 file)
|
672 bytes,
patch
|
zeniko
:
review-
|
Details | Diff | Splinter Review |
A hidden textbox with (presumably) scripts to evaluate is hidden on the page. But it is hidden with a CSS "display: none" rule. Therefore, if I turn off CSS styles I can see and freely edit the contents of the textbox. Uh oh.
I don't think there's any difference functionally between a HTML input and a XUL textbox.
Attachment #342779 -
Flags: review?(zeniko)
|
||
Comment 1•17 years ago
|
||
Comment on attachment 342779 [details] [diff] [review]
Patch
That textbox contains the state of the crashed session which is automatically saved by SessionStore in case of a repeated crash.
XUL textboxes OTOH aren't saved at all, unless they're special-cased in nsSessionStore.js (which we currently do for about:config). This change requires special-casing as well...
Attachment #342779 -
Flags: review?(zeniko) → review-
|
|
||
Comment 2•17 years ago
|
||
BTW: Changing the content of that textbox would be equivalent to editing sessionstore.js which the user could do anyway. So I'm not sure what this change would gain us.
Should we still want this change, please remove the current special-casing of about:sessionrestore in nsSessionStore.js.
|
||
Comment 3•16 years ago
|
||
I don't suppose <input type="hidden"> would work would it?
|
|
||
Comment 4•16 years ago
|
||
Sorry, I hadn't seen your comment in bug 459550.
|
||
Updated•3 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•