Closed Bug 759382 Opened 13 years ago Closed 13 years ago

Don't allow feed: URLs with an innerURI that inherits the page's security context

Categories

(SeaMonkey :: Feed Discovery and Preview, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: neil, Assigned: neil)

References

Details

(Keywords: sec-moderate, testcase, Whiteboard: [no-esr])

Attachments

(1 file)

+++ This bug was initially created as a clone of Bug #758990 +++
Attached patch: Proposed patch
We're doing this because those URIs are apparently now a security risk, and it turns out that they were unusable anyway. As nobody seems to have ported the feed tests, you could evaluate top.Services.io.newURI("feed:javascript;", null, null).spec and various other feed URIs to check that javascript and data (and variations thereof such as jar:data: and view-source:data: too) are blocked.
Assignee: nobody → neil
Status: NEW → ASSIGNED
Attachment #628537 - Flags: review?(iann_bugzilla)
Attachment #628537 - Flags: review?(iann_bugzilla) → review+
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Whiteboard: [no-esr]
Group: core-security → core-security-release
Group: core-security-release
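
The check described in the comment above, as an added example that is not part of the bug or of SeaMonkey's code: a stand-alone JavaScript model that unwraps nested schemes and rejects a feed: URI whose inner scheme is javascript: or data:. The wrapper list, the feed:// shorthand handling, the depth limit and the function names are assumptions made for illustration.

```javascript
// Added example: a stand-alone model, not SeaMonkey's feed handler.
// Assumption: these schemes carry another URI after their first colon.
const WRAPPERS = new Set(["feed", "jar", "view-source"]);
// Schemes named in the bug whose content inherits the page's security context.
const INHERITING = new Set(["javascript", "data"]);
const MAX_DEPTH = 8; // constructed limit so nesting cannot go on forever

// Lower-cased scheme of a spec, or null when it has no valid scheme.
function schemeOf(spec) {
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(spec);
  return m ? m[1].toLowerCase() : null;
}

// Decide whether a feed: spec may be turned into a URI.
function checkFeedSpec(spec) {
  // URL parsers drop tabs/newlines and surrounding whitespace; do the same
  // so "feed:java\tscript:" is judged as "feed:javascript:".
  let rest = spec.replace(/[\t\n\r]/g, "").trim();
  if (schemeOf(rest) !== "feed") return { allowed: false, reason: "not a feed: URI" };
  rest = rest.slice("feed:".length);
  // Assumption: feed://host/path is shorthand for http://host/path.
  if (rest.startsWith("//")) return { allowed: true, reason: "feed:// shorthand" };
  for (let depth = 0; depth < MAX_DEPTH; depth++) {
    const scheme = schemeOf(rest);
    if (scheme === null) return { allowed: false, reason: "no inner scheme" };
    if (INHERITING.has(scheme)) return { allowed: false, reason: `inner ${scheme}: inherits context` };
    if (!WRAPPERS.has(scheme)) return { allowed: true, reason: `inner ${scheme}:` };
    rest = rest.slice(scheme.length + 1); // unwrap one layer and look again
  }
  return { allowed: false, reason: "nested too deeply" };
}

// Constructed specs modelled on the cases the comment lists.
const SAMPLES = [
  "feed:http://example.com/rss.xml",
  "feed:javascript;",
  "feed:jar:data:text/plain,x!/",
  "feed:view-source:data:text/plain,x",
];
for (const spec of SAMPLES) {
  const { allowed, reason } = checkFeedSpec(spec);
  console.log(`${allowed ? "allow" : "block"}  ${spec}  (${reason})`);
}
```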