Opened 17 years ago
Closed 17 years ago
#2162 closed Bug (fixed)
Working with Firebug might include reference to chrome: file
| Reported by: | Alfonso Martínez de Lizarrondo | Owned by: | Alfonso Martínez de Lizarrondo |
|---|---|---|---|
| Priority: | Normal | Milestone: | FCKeditor 2.6.1 |
| Component: | Core : Output Data | Version: | FCKeditor 2.6 |
| Keywords: | Confirmed Firefox Review+ | Cc: |
Description
I don't know the exact steps to reproduce, but I've seen a page that it wasn't possible to edit anymore giving an error in both IE and Firefox. The page was edited with full page and it had this included (after the last successful edit):
<link charset="utf-8" rel="stylesheet" type="text/css" href="chrome://firebug/content/highlighter.css" />
So it might be a good idea to check that the <link>s doesn't point to restricted urls
Attachments (1)
Change History (7)
comment:1 Changed 17 years ago by
comment:2 Changed 17 years ago by
| Keywords: | Confirmed Firefox added |
|---|
I was able to append that <link> tag by simply inspecting a FullPage=true document with Firebug.
Is there any chance for us to detect Firebug and behave accordingly?
comment:3 Changed 17 years ago by
Other extensions might include other content on the page, so I would rather just check that the href of the link starts with chrome:// and then ignore it. It doesn't matter if Firebug is loaded or not, we will be safe anyway.
An example of other extensions that do nasty things is Skype, but those transformations are much harder to revert as they are done in the body.
comment:4 Changed 17 years ago by
| Keywords: | Review? added |
|---|
comment:5 Changed 17 years ago by
| Keywords: | Review+ added; Review? removed |
|---|---|
| Milestone: | → FCKeditor 2.6.1 |
Your thoughts make sense Alfonso... I doubt we'll ever have someone intentionally appending chrome:// <link>s.
Note: the bug in Firefox was reported as
and IE said "Access denied", line 84