Open Bug 733935 Opened 8 years ago Updated 8 years ago

Security error when I select an image on a locally-hosted page

Categories

(Core :: Serializers, defect)

x86_64
Linux
defect
Not set

Tracking

()

People

(Reporter: dholbert, Unassigned)

References

Details

Attachments

(1 file)

STR:
 1. Save testcase as a local file, & view it in Firefox.
 2. Open Error Console, and pick the "messages" area.
 3. Double-click some white area in the firefox window with the testcase.
     OR: Ctrl+A to select-all
     OR: Drag across the image to select it

ACTUAL RESULTS:
This appears in the "messages" area of Error Console:
{
Security Error: Content at moz-nullprincipal:{3af860a3-49b6-48c6-b63d-3fe0bf5e128f} may not load or link to file:///home/[--path/to/--]testcase.html
}
Here's the testcase. It's just the following:
>  <html><body><img src="">
Last good nightly: 2012-02-28
First bad nightly: 2012-02-29

Pushlog:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=7ce4d9b55863&tochange=30b4f99a137c

No particular cset there jumps out at me as blameworthy yet...
regression range on mozilla-inbound:

Last good nightly: 2012-02-27
First bad nightly: 2012-02-28

Pushlog:
http://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=86f8ab61e755&tochange=eac2ff42164d
From targeted builds, I determined that this is a regression from this cset, from bug 650784:
  http://hg.mozilla.org/mozilla-central/rev/429263e58090
Blocks: 650784
Component: General → Serializers
QA Contact: general → dom-to-text
(In reply to Daniel Holbert [:dholbert] from comment #0)
> This appears in the "messages" area of Error Console:
> {
> Security Error: Content at
> moz-nullprincipal:{3af860a3-49b6-48c6-b63d-3fe0bf5e128f} may not load or
> link to file:///home/[--path/to/--]testcase.html
> }

So does Gecko load the image nonetheless? If the image is not actually loaded, the code is working as designed (though it's annoying that the app lets you know that it successfully blocked an image).
(In reply to Henri Sivonen (:hsivonen) from comment #5)
> So does Gecko load the image nonetheless?

In this case it's <img src="">, so there's no image.  It just (correctly) shows the broken-image icon.

(Also, to be clear --as far as I've seen, this error isn't triggered at load-time -- it's specifically when you select/highlight the image.)
Attachment #603897 - Attachment description: testcase 1 → testcase 1 (needs to be saved as a local file)
By code inspection, the code should be ok security-wise. The console message was added in bug 337260.

I'm not sure how I should suppress the console message when dealing with intentionally special DOMs.

The message for these particular steps to reproduce will go away in bug 731896, but that doesn't really address the problem for other callers of the HTML to plaintext conversion code.
(In reply to Henri Sivonen (:hsivonen) from comment #7)
> but that doesn't really address the problem for other callers of the
> HTML to plaintext conversion code.

I tried to repro by running code that called nsIParserUtils.convertToPlainText from the evaluation box in the error console and was unable to repro the security message.
You need to log in before you can comment on or make changes to this bug.