Closed Bug 93761 Opened 23 years ago Closed 23 years ago

File URLs do not work with "Open New Window"

Categories

(Core :: Security, defect)

Product:
Core
Component:
Security
Platform:
x86
Windows 2000
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED DUPLICATE of bug 84128

People

(Reporter: neil, Assigned: dougt)

Details

If I have a file:///c|/ listing and I ctrl-dblclick (or ctrl-click) it doesn't
open the link in a new window.

Shouldn't it operate the same as a link on a www page?
I think Ctrl+click is used for multi-select.  A workaround is to use the 
context menu.

I don't think it should work the same as a link on a www page, because you 
can't multi-select or move www links.
I just tried it in a file view.  Ctrl-click does not select multiple items.

Even if it did, what would it do?  It looks like you can drag and drop files 
into folders, but that doesn't work yet, so that can't be it.

I guess it all depends on where the file:/// list is headed.
NEW: (do not dupe)


File URLs inside an HTTP served page will not work when used. This currently
includes "Open New Window", although I am not sure if there is a security
problem with this action.

You can see some of this discussed in bug 47988.

We need to find out from a security expert if there is risk in making this work.
If not, this bug still needs an error, and becomes a dupe of bug 84128.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: Ctrl-dblclick on a file doesn't open in a new window. → File URLs do not work with "Open New Window"
My mistake, sorry.  I was thinking of the Manage Bookmarks window, which I 
thought used the same widget.
Yes, "Open In New Window" carries the same security risks as clicking on the
link, as users do both very often. HTTP content should not be able to load or
link to file:// content by any means (with a few exceptions - and this isn't one
of them). See 47988 for some explanation. 

*** This bug has been marked as a duplicate of 84128 ***
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE
VERIFIED:
same problem.
Status: RESOLVED → VERIFIED
-> security-general (checkURI is doing this).
qa to bsharma.
Component: Networking: File → Security: General
QA Contact: benc → bsharma
You need to log in before you can comment on or make changes to this bug.