Closed
Bug 550290
Opened 15 years ago
Closed 15 years ago
nsSidebar.js check for icon validity flawed
Categories
(Firefox :: Search, defect)
Firefox
Search
Tracking
()
RESOLVED
FIXED
Firefox 4.0b1
People
(Reporter: mail, Assigned: Gavin)
References
()
Details
Attachments (1 file)
patch, 1.50 KB: rflint: review+
@ nsSidebar.js#144
    // Make sure we're using HTTP, HTTPS, or FTP and referring to a
    // .gif/.jpg/.jpeg/.png/.ico file for the icon.
    if (iconURL &&
        ! /^(https?|ftp):\/\/.+\.(gif|jpg|jpeg|png|ico)$/i.test(iconURL))
      throw "Unsupported search icon URL.";
  }
This fails for a favicon of the form http://example.com/favicon.ico?123numberhere.
This also breaks search engine installs via addSearchProvider where the image in the .xml description is OK in terms of the above, but the page favicon used for the fallback is not.
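To make the failure mode concrete, here is the quoted regex next to one way of loosening it. This is an added example, not Firefox code and not the attached patch (whose contents are not shown on this page): it assumes a URL-parsing approach that checks the scheme and tests the extension on the pathname only, so a query string or fragment after the file name no longer causes a rejection. The sample URLs are constructed for the demonstration.

```javascript
// Added example (not Firefox code, not the attached patch): the quoted
// nsSidebar.js regex beside a URL-parsing variant of the same check.

// The check as quoted from nsSidebar.js (pre-fix behaviour).
const ICON_RE = /^(https?|ftp):\/\/.+\.(gif|jpg|jpeg|png|ico)$/i;

function iconAllowedByRegex(iconURL) {
  // The original only throws when an icon URL is present and fails the regex.
  return !iconURL || ICON_RE.test(iconURL);
}

// Illustrative loosened check (an assumption, not the committed fix):
// parse the URL, accept only http/https/ftp, and test the extension on
// the pathname alone so "?123" or "#frag" after the name is ignored.
const ALLOWED_SCHEMES = new Set(["http:", "https:", "ftp:"]);
const EXT_RE = /\.(gif|jpe?g|png|ico)$/i;

function iconAllowedByURL(iconURL) {
  if (!iconURL) return true; // no icon given: nothing to validate
  let url;
  try {
    url = new URL(iconURL);
  } catch (e) {
    return false; // not an absolute URL at all
  }
  // Scheme allow-list still rejects javascript:, data:, file: and friends.
  if (!ALLOWED_SCHEMES.has(url.protocol)) return false;
  return EXT_RE.test(url.pathname);
}

// Constructed sample inputs, including the reporter's failing case.
const SAMPLES = [
  "http://example.com/favicon.ico",
  "http://example.com/favicon.ico?123",
  "https://example.com/icons/search.png#v2",
  "ftp://example.com/logo.gif",
  "javascript:alert(1)",
  "data:image/png;base64,iVBORw0KGgo=",
  "http://example.com/icon.svg",
];

function compareChecks(urls = SAMPLES) {
  return urls.map((u) => ({
    url: u,
    regex: iconAllowedByRegex(u),
    parsed: iconAllowedByURL(u),
  }));
}

for (const row of compareChecks()) {
  console.log(`${row.url}\n  regex: ${row.regex}  parsed: ${row.parsed}`);
}
```

Note that neither variant says anything about what the server actually returns for that URL; as comment 1 below points out, an extension check on the URL string is trivially satisfied by a server that serves arbitrary bytes under a .png name, so the scheme allow-list is the only part of the check with real security value.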
Comment 1 (Assignee) • 15 years ago
I think these checks are all pretty dumb, but the lame attempt at file extension checking is the dumbest, since it can easily be circumvented and doesn't really protect against anything (worst case we will load and store bogus data as the icon).
Comment 2 • 15 years ago
Comment on attachment 434353
loosen the restriction
Certainly better than what we had!
If we want to drop these checks entirely, maybe we could just pass these through the script security manager with a null principal? Though I'm not totally sure that'd give us any benefit over these regexps...
Attachment #434353 - Flags: review?(rflint) → review+
Comment 3 (Assignee) • 15 years ago
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 3.7a6
Updated (Assignee) • 15 years ago
Flags: in-testsuite-