Closed Bug 504441 Opened 15 years ago Closed 15 years ago

Provide a way to load URLs with overridden mime type and null principal

Categories

(Core :: Security: CAPS, enhancement)

Product:
Core
Component:
Security: CAPS
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: jruderman, Unassigned)

References

(Blocks 1 open bug)

Details

Many users have requested a "View as HTML" feature for sites that use incorrect mime types or content-disposition: attachment (bug 57342).

Implementing "View as HTML" safely requires not treating the page content as "part of the site" for security checks (cross-window scripting, script interaction with cookies, extension installation, geolocation, etc) and setting of referrer.

Maybe something like:

null-principal:text/html,https://mail.google.com/attachment/3

We probably wouldn't want to let sites link to such URLs.
It doesn't have to be a psuedo-protocol, btw.

It would be nice if this could be done in a way that avoids making a second request to the server.
I'm pretty sure this wouldn't be a CAPS bug. Could be networking or the uriloader.

A data: URI probably already does what you want, as long as the chrome UI
capturing the already-downloaded content opens it in a new window/tab or zaps
the current content.
Assignee: dveditz → nobody
I don't understand the problem.  The relevant UI would be setting the channel's MIME type to text/html and redispatching the channel, right?  It can just set its owner to a nullprincipal object at the same time....
That is, given an nsIChannel it's already possible to do what you're asking for.
And bug 57342 has the redispatching work-in-progress, no?
ok
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.