Closed Bug 998716 Opened 11 years ago Closed 11 years ago

[Regression of 624883] view-source URI Scheme is still allowed in iframes

Categories

(Firefox :: Untriaged, defect)

Product:
Firefox
Component:
Untriaged
Version:
29 Branch
Platform:
x86
Windows 7
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 624883

People

(Reporter: mreagle0x, Unassigned)

Details

(Keywords: regression, sec-want)

User Agent: Mozilla/5.0 (Windows NT 6.1; rv:29.0) Gecko/20100101 Firefox/29.0 (Beta/Release) Build ID: 20140417185217 Steps to reproduce: 1- Go to http://mreagle0x.host4bros.net/source.html (Or test this <iframe src=view-source:http://example.com style="opacity: 0.5"> into any webpage) Actual results: The source of http://example.com is inserted/shown into the iframe. Expected results: Firefox should treat the view-source URI Scheme as an unrecognised scheme if not top-level to avoid any possible abuses.
Keywords: regression, sec-want
This is fixed in Firefox 30 and later, not in Firefox 29. That's noted on the bug ("target milestone" field).
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.