Closed
Bug 93761
Opened 23 years ago
Closed 23 years ago
File URLs do not work with "Open New Window"
Categories
(Core :: Security, defect)
Tracking
()
People
(Reporter: neil, Assigned: dougt)
Details
If I have a file:///c|/ listing and I ctrl-dblclick (or ctrl-click) it doesn't open the link in a new window. Shouldn't it operate the same as a link on a www page?
Comment 1•23 years ago
|
||
I think Ctrl+click is used for multi-select. A workaround is to use the context menu. I don't think it should work the same as a link on a www page, because you can't multi-select or move www links.
Reporter | ||
Comment 2•23 years ago
|
||
I just tried it in a file view. Ctrl-click does not select multiple items. Even if it did, what would it do? It looks like you can drag and drop files into folders, but that doesn't work yet, so that can't be it. I guess it all depends on where the file:/// list is headed.
NEW: (do not dupe) File URLs inside an HTTP served page will not work when used. This currently includes "Open New Window", although I am not sure if there is a security problem with this action. You can see some of this discussed in bug 47988. We need to find out from a security expert if there is risk in making this work. If not, this bug still needs an error, and becomes a dupe of bug 84128.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: Ctrl-dblclick on a file doesn't open in a new window. → File URLs do not work with "Open New Window"
Comment 4•23 years ago
|
||
My mistake, sorry. I was thinking of the Manage Bookmarks window, which I thought used the same widget.
Comment 5•23 years ago
|
||
Yes, "Open In New Window" carries the same security risks as clicking on the link, as users do both very often. HTTP content should not be able to load or link to file:// content by any means (with a few exceptions - and this isn't one of them). See 47988 for some explanation. *** This bug has been marked as a duplicate of 84128 ***
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE
-> security-general (checkURI is doing this). qa to bsharma.
Component: Networking: File → Security: General
QA Contact: benc → bsharma
You need to log in
before you can comment on or make changes to this bug.
Description
•