Closed
Bug 666387
Opened 13 years ago
Closed 8 years ago
Full path of file is exposed to content
Categories
(Core :: DOM: Copy & Paste and Drag & Drop, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 1249522
People
(Reporter: khuey, Unassigned)
Details
(Keywords: privacy, regression, sec-low, Whiteboard: [sg:low])
STR: Visit http://html5demos.com/drag-anything Choose the second radio group button Drag a file onto the drag area See that the file path is exposed as a file:// URL. I've tested that this happens on Windows on Firefox 5 and the latest nightly.
Comment 1•13 years ago
|
||
We've stripped the path when we upload it to sites on privacy grounds, we shouldn't be sharing that with the page either.
Keywords: privacy,
regression
Whiteboard: [sg:low]
Updated•9 years ago
|
Group: core-security → dom-core-security
Updated•8 years ago
|
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
Updated•6 years ago
|
Group: dom-core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•