Open Bug 920102 Opened 12 years ago Updated 3 years ago

Redirect on drop to out of scope URL

Categories

(Core :: DOM: Events, defect, P5)

Product:
Core
Component:
DOM: Events
Version:
26 Branch
Platform:
x86_64
Linux
Type:
defect

Tracking

()

People

(Reporter: robin, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:26.0) Gecko/20100101 Firefox/26.0 (Beta/Release) Build ID: 20130821082411 Steps to reproduce: Drag & Drop: http://www.robin-gloster.de/drop-redirect.html Actual results: redirected to url in local scope Expected results: nothing special
Do you see any difference if you use 'text/plain' instead of 'Text' in the setData call?
Status: UNCONFIRMED → NEW
Ever confirmed: true
No doesn't make any difference. The only way I have found to prevent redirects is I think there are multiple parts to this bug. 1. Why does firefox redirect on drop event in the first place as default? I can't see any use case where I would want that behaviour. 2. If (1) is intended I don't see why it would redirect to the *id* of the dropped element/ 3. This is no ordinary redirect via location.href - location.href doesn't allow url change to file:/// (possibly security implications when finding a way to execute code on file via XSS or some other bug etc.) - id="file:///etc/passwd" doesn't redirect id="/etc/passwd" - it uses some part of the URL autocorrection feature (id="task2" -> task2.com)
https://bugzilla.mozilla.org/show_bug.cgi?id=1472046 Move all DOM bugs that haven’t been updated in more than 3 years and has no one currently assigned to P5. If you have questions, please contact :mdaly.
Priority: -- → P5
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.