Redirect on drop to out of scope URL

NEW
Unassigned

Status

()

P5
normal
5 years ago
4 months ago

People

(Reporter: robin, Unassigned)

Tracking

26 Branch
x86_64
Linux
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

5 years ago
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:26.0) Gecko/20100101 Firefox/26.0 (Beta/Release)
Build ID: 20130821082411

Steps to reproduce:

Drag & Drop:

http://www.robin-gloster.de/drop-redirect.html


Actual results:

redirected to url in local scope


Expected results:

nothing special

Comment 1

5 years ago
Do you see any difference if you use 'text/plain' instead of 'Text' in the setData call?
Status: UNCONFIRMED → NEW
Ever confirmed: true
(Reporter)

Comment 2

5 years ago
No doesn't make any difference. The only way I have found to prevent redirects is 

I think there are multiple parts to this bug.

1. Why does firefox redirect on drop event in the first place as default? I can't see any use case where I would want that behaviour.

2. If (1) is intended I don't see why it would redirect to the *id* of the dropped element/

3. This is no ordinary redirect via location.href
   - location.href doesn't allow url change to file:/// (possibly security implications when finding a way to execute code on file via XSS or some other bug etc.) 
   - id="file:///etc/passwd" doesn't redirect id="/etc/passwd"
   - it uses some part of the URL autocorrection feature (id="task2" -> task2.com)
https://bugzilla.mozilla.org/show_bug.cgi?id=1472046

Move all DOM bugs that haven’t been updated in more than 3 years and has no one currently assigned to P5.

If you have questions, please contact :mdaly.
Priority: -- → P5
You need to log in before you can comment on or make changes to this bug.