Closed Bug 666387 Opened 13 years ago Closed 8 years ago

Full path of file is exposed to content

Tracking

()

Status:

RESOLVED DUPLICATE of bug 1249522

People

(Reporter: khuey, Unassigned)

Details

(Keywords: privacy, regression, sec-low, Whiteboard: [sg:low])

Kyle Huey (Exited; not receiving bugmail, old account, do not use)

Reporter

Description

•

13 years ago

STR:

Visit http://html5demos.com/drag-anything

Choose the second radio group button

Drag a file onto the drag area

See that the file path is exposed as a file:// URL.

I've tested that this happens on Windows on Firefox 5 and the latest nightly.

Daniel Veditz [:dveditz]

Comment 1

•

13 years ago

We've stripped the path when we upload it to sites on privacy grounds, we shouldn't be sharing that with the page either.

Keywords: privacy, regression

Whiteboard: [sg:low]

Curtis Koenig [:curtisk-use curtis.koenig+bzATgmail.com]]

Updated

•

12 years ago

Keywords: sec-low

Johnny Stenback (:jst)

Comment 2

•

11 years ago

Neil, can you take this one?

Component: DOM → Drag and Drop

BMO Automation

Updated

•

9 years ago

Group: core-security → dom-core-security

Neil Deakin

Updated

•

8 years ago

Status: NEW → RESOLVED

Closed: 8 years ago

Resolution: --- → DUPLICATE

Daniel Veditz [:dveditz]

Updated

•

6 years ago

Group: dom-core-security

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Full path of file is exposed to content

Categories

(Core :: DOM: Copy & Paste and Drag & Drop, defect)

Tracking

()

People

(Reporter: khuey, Unassigned)

References

Details

(Keywords: privacy, regression, sec-low, Whiteboard: [sg:low])

Crash Data

Security

(public)

User Story

Description

Comment 1

Updated

Comment 2

Updated

Updated

Updated