Closed
Bug 756587
Opened 13 years ago
Closed 13 years ago
ensure manifest urls belong to same origin
Categories
(Firefox Graveyard :: SocialAPI, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: mixedpuppy, Assigned: mixedpuppy)
References
Details
(Whiteboard: [needs-test])
If we load a manifest that is not a resource uri, ensure that the urls are same-origin.
Comment 1•13 years ago
|
||
Would another option be that we don't support absolute URLs in the manifest, apart from, say, URLPrefix?
Assignee | ||
Comment 2•13 years ago
|
||
For the manifest urls, we are absolutely talking same-origin, protocol+host+port. URLPrefix should only be used in the case we are loading from a resource URI, otherwise it should be ignored.
Assignee | ||
Updated•13 years ago
|
Assignee: nobody → mixedpuppy
Assignee | ||
Comment 3•13 years ago
|
||
pushed a validation/cleansing function in change https://github.com/mozilla/socialapi-dev/commit/3a731bfad4e4a861b17be5e3e0048f6e480dc143
Whiteboard: [needs-test]
Assignee | ||
Comment 4•13 years ago
|
||
pushed tests on this today https://github.com/mozilla/socialapi-dev/commit/f9d2f6388b219df49e9809fb3a85b3d9e8f0e3a0
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Updated•6 years ago
|
Product: Firefox → Firefox Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•