The default bug view has changed. See this FAQ.

file drop URIs only accidentally work

RESOLVED FIXED in mozilla1.9.3a3

Status

()

Core
Drag and Drop
RESOLVED FIXED
7 years ago
7 years ago

People

(Reporter: Gavin, Assigned: Gavin)

Tracking

({verified1.9.0.19, verified1.9.1, verified1.9.2})

Trunk
mozilla1.9.3a3
verified1.9.0.19, verified1.9.1, verified1.9.2
Points:
---

Firefox Tracking Flags

(status1.9.2 .2-fixed, status1.9.1 .9-fixed)

Details

Attachments

(1 attachment)

The security check we do in dragDropSecurityCheck doesn't explicitly allow drops of file URIs - they just happen to work because in most cases the source document is null. We should fix that to avoid problems in the future.
Created attachment 429551 [details] [diff] [review]
patch
Assignee: nobody → gavin.sharp
Status: NEW → ASSIGNED
Attachment #429551 - Flags: review?(dtownsend)
Attachment #429551 - Flags: review?(dtownsend) → review+
https://hg.mozilla.org/mozilla-central/rev/66b74d46682e
Status: ASSIGNED → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9.3a2
Target Milestone: mozilla1.9.3a2 → mozilla1.9.3a3
Comment on attachment 429551 [details] [diff] [review]
patch

Wouldn't hurt to get this on branches too.
Attachment #429551 - Flags: approval1.9.2.2?
Attachment #429551 - Flags: approval1.9.1.9?
Attachment #429551 - Flags: approval1.9.0.19?
Comment on attachment 429551 [details] [diff] [review]
patch

a=beltzner for 1.9.2.2, 1.9.1.9. 1.9.0.19
Attachment #429551 - Flags: approval1.9.2.2?
Attachment #429551 - Flags: approval1.9.2.2+
Attachment #429551 - Flags: approval1.9.1.9?
Attachment #429551 - Flags: approval1.9.1.9+
Attachment #429551 - Flags: approval1.9.0.19?
Attachment #429551 - Flags: approval1.9.0.19+
1.9.2: https://hg.mozilla.org/releases/mozilla-1.9.2/rev/82fa604cdf23
1.9.1: https://hg.mozilla.org/releases/mozilla-1.9.1/rev/ff4a52b1c2a4
1.9.0: mozilla/toolkit/content/nsDragAndDrop.js 	1.11
status1.9.1: --- → .9-fixed
status1.9.2: --- → .2-fixed
Keywords: fixed1.9.0.19

Comment 7

7 years ago
How can qa verify this?  also, are there unit tests?

Comment 8

7 years ago
Patch was fixed in another bug that has been marked verified on verified1.9.0.19, verified1.9.1, verified1.9.2.   resolving here also.
Keywords: fixed1.9.0.19 → verified1.9.0.19, verified1.9.1, verified1.9.2
You need to log in before you can comment on or make changes to this bug.