The security check we do in dragDropSecurityCheck doesn't explicitly allow drops of file URIs - they just happen to work because in most cases the source document is null. We should fix that to avoid problems in the future.
Created attachment 429551 [details] [diff] [review] patch
Comment on attachment 429551 [details] [diff] [review] patch Wouldn't hurt to get this on branches too.
Comment on attachment 429551 [details] [diff] [review] patch a=beltzner for 18.104.22.168, 22.214.171.124. 126.96.36.199
1.9.2: https://hg.mozilla.org/releases/mozilla-1.9.2/rev/82fa604cdf23 1.9.1: https://hg.mozilla.org/releases/mozilla-1.9.1/rev/ff4a52b1c2a4 1.9.0: mozilla/toolkit/content/nsDragAndDrop.js 1.11
How can qa verify this? also, are there unit tests?
Patch was fixed in another bug that has been marked verified on verified188.8.131.52, verified1.9.1, verified1.9.2. resolving here also.