Bug 549349 - file drop URIs only accidentally work
: verified1.9.0.19, verified1.9.1, verified1.9.2
Product: Core
Classification: Components
Component: Drag and Drop
: Trunk
: All All
-- normal
: mozilla1.9.3a3
Assigned To: :Gavin Sharp
: Neil Deakin
Reported: 2010-03-01 10:26 PST by :Gavin Sharp
Modified: 2010-03-22 17:31 PDT

patch (2.46 KB, patch)
2010-03-01 10:28 PST, :Gavin Sharp
dtownsend: review+
mbeltzner: approval1.9.2.2+
mbeltzner: approval1.9.1.9+
mbeltzner: approval1.9.0.19+

Description :Gavin Sharp 2010-03-01 10:26:25 PST
The security check we do in dragDropSecurityCheck doesn't explicitly allow drops of file URIs - they just happen to work because in most cases the source document is null. We should fix that to avoid problems in the future.
Comment 2 :Gavin Sharp 2010-03-01 10:28:39 PST
Created attachment 429551
Comment 3 :Gavin Sharp 2010-03-01 10:33:04 PST
Comment 4 :Gavin Sharp 2010-03-04 09:14:41 PST
Comment on attachment 429551

Wouldn't hurt to get this on branches too.
Comment 5 Mike Beltzner [:beltzner, not reading bugmail] 2010-03-04 15:09:52 PST
Comment on attachment 429551

a=beltzner for,
Comment 6 :Gavin Sharp 2010-03-08 10:31:52 PST
1.9.0: mozilla/toolkit/content/nsDragAndDrop.js 	1.11
Comment 7 Tony Chung [:tchung] 2010-03-22 16:52:58 PDT
How can QA verify this? Also, are there unit tests?
Comment 8 Tony Chung [:tchung] 2010-03-22 17:31:23 PDT
Patch was fixed in another bug that has been marked verified on verified1.9.0.19, verified1.9.1, verified1.9.2. Resolving here also.
