File URLs do not work with "Open New Window"

VERIFIED DUPLICATE of bug 84128

Status

()

Core
Security
VERIFIED DUPLICATE of bug 84128
16 years ago
16 years ago

People

(Reporter: Neil Marshall, Assigned: dougt)

Tracking

Trunk
x86
Windows 2000
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

16 years ago
If I have a file:///c|/ listing and I ctrl-dblclick (or ctrl-click) it doesn't
open the link in a new window.

Shouldn't it operate the same as a link on a www page?

Comment 1

16 years ago
I think Ctrl+click is used for multi-select.  A workaround is to use the 
context menu.

I don't think it should work the same as a link on a www page, because you 
can't multi-select or move www links.
(Reporter)

Comment 2

16 years ago
I just tried it in a file view.  Ctrl-click does not select multiple items.

Even if it did, what would it do?  It looks like you can drag and drop files 
into folders, but that doesn't work yet, so that can't be it.

I guess it all depends on where the file:/// list is headed.

Comment 3

16 years ago
NEW: (do not dupe)


File URLs inside an HTTP served page will not work when used. This currently
includes "Open New Window", although I am not sure if there is a security
problem with this action.

You can see some of this discussed in bug 47988.

We need to find out from a security expert if there is risk in making this work.
If not, this bug still needs an error, and becomes a dupe of bug 84128.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: Ctrl-dblclick on a file doesn't open in a new window. → File URLs do not work with "Open New Window"

Comment 4

16 years ago
My mistake, sorry.  I was thinking of the Manage Bookmarks window, which I 
thought used the same widget.
Yes, "Open In New Window" carries the same security risks as clicking on the
link, as users do both very often. HTTP content should not be able to load or
link to file:// content by any means (with a few exceptions - and this isn't one
of them). See 47988 for some explanation. 

*** This bug has been marked as a duplicate of 84128 ***
Status: NEW → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → DUPLICATE

Comment 6

16 years ago
VERIFIED:
same problem.
Status: RESOLVED → VERIFIED

Comment 7

16 years ago
-> security-general (checkURI is doing this).
qa to bsharma.
Component: Networking: File → Security: General
QA Contact: benc → bsharma
You need to log in before you can comment on or make changes to this bug.