Using 2001-04-17 on winme, mac and linux a link to a .jpg in a message body doesn't recognize it as a .jpg file (could happen to other native files, but haven't tested yet). May be same as 63225, but not sure. 1. Launch mail and send yourself a mail message with a .jpg as a link (use I sert to give a name and location to the .jpg file located on your hard drive). 2. Get that message and click on the link. Result: I get a Open/Save dialog Expected: To open up the .jpg file in a new browser window. This is what 4.7 does with this same message. 3. Right mouse click on the link and select Save Link As Result: you the save as dialog with the wrong name inserted, (INBOX>108922 instead of humor.jpg) Expected: to get the save as dialog with the correct name inserted (this is what 4.7 did for messages of this type sent using 4.7 & today's build).
hey esther...I don't think you are allowed to click on a file url inside a message you sent yourself. It's a security hole if you can. Using today's build, I sent myself a message with a file URL: file:///c:/test.jpeg I then received the message and tried to click on my file URL. I got an error to the console from the security manager saying: The link to file:///C:/dell/docs/bedirect.jpg was blocked by the security manage r. Remote content may not link to local content. I believe this is the intended behavior. cc'ing mstoltz to be sure. If you are having trouble viewing a JPEG someone sent you as an http url then this bug is a problem.
Mitch, one other thing I noticed while playing around with this. If I click on the file url in the message, the security manager steps in and says I don't think so. If I instead click Save Link As, we'll correctly load the url and save it to a destination of my choosing. Not sure if that's a problem or of it's allowed.
Scott, I don't think I've added a check on Save Link As. It's probably not necessary; it's unlikely a user could be convinced to save a link in a known location, which might present a risk, but it's pretty farfetched. I may be reaching the point where annoyance overwhelms security gain; I'm not sure. There's no immediate risk, so I'm going to leave it as is for a while.
that policy sounds find to me Mitch. (about not blocking save link as)
Current behaviour is; clicking link - nothing open in new window - nothing dragging link to mozilla window - jpeg is displayed save file as - save dialogue with correct name pops up This is on Linux, using build from CVS, grabbed approx. 12/09 23:50 (tinderbox)
I think there is some user feedback missing, if it is by design that such links do not work for security reasons. (btw, why is this a hole?) I just sent a mail pointing to file://///ComputerName/SharedDir/ to a co-worker, and he could follow the link using Outlook Express, but when I tried to follow the link in the sent mail, I had to use copy&paste. This gave me the impression that I had detected a bug - until I read the comments in this one.
I'm confirming this bug for Solaris (buildID 2002061103): Jpeg images never show up in the context of web-pages. In all cases, I can view the jpeg by right-clicking over the empty space where the image would be and selecting "View image". example url: http://www.time.com/time/asia/magazine/article/0%2C13673%2C501020701-265481%2C00.html (If the original bug was specific to mail, I should probably refiled this as its own bug.)
Marking invalid; comments 1 and 2 imply the failure to open file: links from messages is by design. Bug 135830 is about providing a more nuanced security scheme (and also makes note of the current lack of any response when the link is clicked).
Status: NEW → RESOLVED
Last Resolved: 13 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.