Beginning on October 25th, 2016, Persona will no longer be an option for authentication on BMO. For more details see Persona Deprecated.
Last Comment Bug 549349 - file drop URIs only accidentally work
: file drop URIs only accidentally work
: verified1.9.0.19, verified1.9.1, verified1.9.2
Product: Core
Classification: Components
Component: Drag and Drop (show other bugs)
: Trunk
: All All
: -- normal (vote)
: mozilla1.9.3a3
Assigned To: :Gavin Sharp [email:]
: Neil Deakin
Depends on:
  Show dependency treegraph
Reported: 2010-03-01 10:26 PST by :Gavin Sharp [email:]
Modified: 2010-03-22 17:31 PDT (History)
2 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---

patch (2.46 KB, patch)
2010-03-01 10:28 PST, :Gavin Sharp [email:]
dtownsend: review+
mbeltzner: approval1.9.2.2+
mbeltzner: approval1.9.1.9+
mbeltzner: approval1.9.0.19+
Details | Diff | Splinter Review

Description :Gavin Sharp [email:] 2010-03-01 10:26:25 PST
The security check we do in dragDropSecurityCheck doesn't explicitly allow drops of file URIs - they just happen to work because in most cases the source document is null. We should fix that to avoid problems in the future.
Comment 2 :Gavin Sharp [email:] 2010-03-01 10:28:39 PST
Created attachment 429551 [details] [diff] [review]
Comment 3 :Gavin Sharp [email:] 2010-03-01 10:33:04 PST
Comment 4 :Gavin Sharp [email:] 2010-03-04 09:14:41 PST
Comment on attachment 429551 [details] [diff] [review]

Wouldn't hurt to get this on branches too.
Comment 5 Mike Beltzner [:beltzner, not reading bugmail] 2010-03-04 15:09:52 PST
Comment on attachment 429551 [details] [diff] [review]

a=beltzner for,
Comment 6 :Gavin Sharp [email:] 2010-03-08 10:31:52 PST
1.9.0: mozilla/toolkit/content/nsDragAndDrop.js 	1.11
Comment 7 Tony Chung [:tchung] 2010-03-22 16:52:58 PDT
How can qa verify this?  also, are there unit tests?
Comment 8 Tony Chung [:tchung] 2010-03-22 17:31:23 PDT
Patch was fixed in another bug that has been marked verified on verified1.9.0.19, verified1.9.1, verified1.9.2.   resolving here also.

Note You need to log in before you can comment on or make changes to this bug.