The security check we do in dragDropSecurityCheck doesn't explicitly allow drops of file URIs - they just happen to work because in most cases the source document is null. We should fix that to avoid problems in the future.
Created attachment 429551 [details] [diff] [review] patch
Comment on attachment 429551 [details] [diff] [review] patch Wouldn't hurt to get this on branches too.
Comment on attachment 429551 [details] [diff] [review] patch a=beltzner for 126.96.36.199, 188.8.131.52. 184.108.40.206
1.9.2: https://hg.mozilla.org/releases/mozilla-1.9.2/rev/82fa604cdf23 1.9.1: https://hg.mozilla.org/releases/mozilla-1.9.1/rev/ff4a52b1c2a4 1.9.0: mozilla/toolkit/content/nsDragAndDrop.js 1.11
How can qa verify this? also, are there unit tests?
Patch was fixed in another bug that has been marked verified on verified220.127.116.11, verified1.9.1, verified1.9.2. resolving here also.