Ticket #2162 (closed Bug: fixed)

Opened 7 years ago

Last modified 6 years ago

Working with Firebug might include reference to chrome: file

Reported by: alfonsoml
Owned by: alfonsoml
Priority: Normal
Milestone: FCKeditor 2.6.1
Component: Core : Output Data
Version: FCKeditor 2.6
Keywords: Confirmed Firefox Review+
Cc:

Description

I don't know the exact steps to reproduce, but I've seen a page that couldn't be edited anymore, giving an error in both IE and Firefox. The page was edited with full page and it had this included (after the last successful edit):

		<link charset="utf-8" rel="stylesheet" type="text/css" href="chrome://firebug/content/highlighter.css" />

So it might be a good idea to check that the <link>s don't point to restricted URLs.

Attachments

2162.patch (1.3 KB) - added by alfonsoml 7 years ago.
Proposed SVN patch

Change History

comment:1 Changed 7 years ago by alfonsoml

Note: the bug in Firefox was reported as

Access to restricted URI denied" code: "1012

and IE said "Access denied", line 84

comment:2 Changed 7 years ago by fredck

  • Keywords Confirmed Firefox added

I was able to append that <link> tag by simply inspecting a FullPage=true document with Firebug.

Is there any chance for us to detect Firebug and behave accordingly?

comment:3 Changed 7 years ago by alfonsoml

Other extensions might include other content on the page, so I would rather just check that the href of the link starts with chrome:// and then ignore it. It doesn't matter if Firebug is loaded or not, we will be safe anyway.

An example of other extensions that do nasty things is Skype, but those transformations are much harder to revert as they are done in the body.
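
The check proposed in comment:3, as an added example that is not part of the ticket or of the FCKeditor patch: it drops `<link>` tags whose href starts with `chrome:` from full-page HTML before it is stored, whether or not Firebug is present. The function names, the scheme list and the sample document are constructed for illustration.

```javascript
// Added example (hypothetical names): drop <link> tags that a browser
// extension injected into the <head> of a full-page document.
const RESTRICTED_SCHEMES = ['chrome:'];

// Extract the href value from one <link ...> tag (quoted or unquoted).
function linkHref(tag) {
  const m = /\shref\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(tag);
  if (!m) return null;
  return m[1] !== undefined ? m[1] : m[2] !== undefined ? m[2] : m[3];
}

// True when the href uses one of the restricted schemes.
function isRestricted(href, schemes = RESTRICTED_SCHEMES) {
  if (href === null) return false;
  // URL schemes are case-insensitive and leading whitespace is ignored.
  const normalized = href.trim().toLowerCase();
  return schemes.some((s) => normalized.startsWith(s));
}

// Returns the cleaned HTML plus the hrefs that were dropped, so the
// caller can log what was removed. Only <link> tags are touched; body
// text that merely mentions chrome:// is left alone.
// Limitation: assumes no attribute value contains a literal '>'.
function stripRestrictedLinks(html, schemes = RESTRICTED_SCHEMES) {
  const removed = [];
  const cleaned = html.replace(/[ \t]*<link\b[^>]*>\r?\n?/gi, (tag) => {
    const href = linkHref(tag);
    if (!isRestricted(href, schemes)) return tag;
    removed.push(href);
    return '';
  });
  return { cleaned, removed };
}

// Constructed sample: one legitimate stylesheet, the Firebug link from
// the ticket, and a second injected link with different quoting and case.
const SAMPLE = [
  '<html>',
  '<head>',
  '<title>Doc</title>',
  '<link rel="stylesheet" type="text/css" href="site.css" />',
  '<link charset="utf-8" rel="stylesheet" type="text/css" href="chrome://firebug/content/highlighter.css" />',
  "<link rel=\"stylesheet\" href='CHROME://other/skin.css'>",
  '</head>',
  '<body><p>Text mentioning chrome://firebug stays.</p></body>',
  '</html>',
].join('\n');
```
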

Changed 7 years ago by alfonsoml

Proposed SVN patch

comment:4 Changed 7 years ago by alfonsoml

  • Keywords Review? added

comment:5 Changed 6 years ago by fredck

  • Keywords Review+ added; Review? removed
  • Milestone set to FCKeditor 2.6.1

Your thoughts make sense, Alfonso... I doubt we'll ever have someone intentionally appending chrome:// <link>s.

comment:6 Changed 6 years ago by alfonsoml

  • Status changed from new to closed
  • Resolution set to fixed

Fixed with [1983]

© 2003 – 2012 CKSource – Frederico Knabben. All rights reserved.