Closed
Bug 659681
Opened 13 years ago
Closed 13 years ago
Show compatibility warning if a javascript: or data: URLs are used
Categories
(addons.mozilla.org Graveyard :: Developer Pages, defect, P2)
addons.mozilla.org Graveyard
Developer Pages
Tracking
(Not tracked)
VERIFIED
FIXED
6.0.12
People
(Reporter: jorgev, Assigned: basta)
References
Details
(Whiteboard: [fx6][post-freeze+])
Attachments
(1 file)
119.01 KB,
image/png
|
Details |
As explained in bug 656433, javascript: and data: URLs can no longer be executed from the location bar in the context of the page currently being displayed. It's difficult to tell if this affects any add-ons, but we should show a warning anyway. We should flag all uses of javascript: or data: URLs in JS code. This is only a warning. It should appear in the compatibility message sent to authors, but should not prevent a compatibility bump from happening.
Updated•13 years ago
|
Whiteboard: [fx6] → [fx6][post-freeze+]
Target Milestone: 6.1.0 → 6.0.12
Reporter | ||
Comment 1•13 years ago
|
||
Message: Loading javascript: or data: URLs through the URL bar may no longer work as expected in Firefox 6. If you load these types of URL, please test your add-on on the latest Firefox 6 builds, or refer to <LINKED_BUG> for more information. Krupa: Subtitles Timeline uses javascript: URLs https://addons.mozilla.org/en-US/firefox/addon/subtitles-timeline/
Assignee | ||
Comment 2•13 years ago
|
||
I'm not sure what I should be looking for in the validator with this one. Changes to window.location[.href]? To the best of my understanding of bug 656433, the bug only applies to javascript: and data: URLs that are pasted into the location bar, so executing those URLs via href attributes on <a> tags, for instance, shouldn't be flagged.
Reporter | ||
Comment 3•13 years ago
|
||
In bug 656433 they made sure that it worked when executed from a document and from a bookmark. If you can discard those uses, that's good. However, limiting this to changes to window.location might discard situations where the bug affect an add-on, since there are many ways to execute such URLs.
Assignee | ||
Comment 4•13 years ago
|
||
I guess I'm just unsure of which ways are affected and which aren't affected by this. To make this work, I need to test each individual way that you can launch the URLs. I could always implement it as a naive regex, but that would pick up every instance of "javascript:" or "data:", so that's probably a rather bad thing.
Reporter | ||
Comment 5•13 years ago
|
||
That's the reason we are only showing this as a warning, because we don't know if any add-on is affected, or under which circumstances they could be affected. We just want to let developers know that they should double check.
Assignee | ||
Comment 6•13 years ago
|
||
Done: https://github.com/mattbasta/amo-validator/commit/0e1bb0393b5f859c2187bad291360365d00050cf
Updated•13 years ago
|
Assignee | ||
Comment 7•13 years ago
|
||
Merged: https://github.com/mozilla/amo-validator/commit/7778eec40ff8923f8f515d17b702b17690706a8a
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Comment 8•13 years ago
|
||
verified at https://addons-next.allizom.org/en-US/developers/addon/imacros-for-firefox/validation-result/23799
Status: RESOLVED → VERIFIED
Comment 9•13 years ago
|
||
Updated•8 years ago
|
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•