A long time ago I added code to block ports for a given protocol.
See:
https://bugzilla.mozilla.org/show_bug.cgi?id=83401
http://lxr.mozilla.org/seamonkey/source/netwerk/base/src/nsIOService.cpp#84
Basically this prevented you from constructing cross-protocol attacks.
I was recently questioned about where this check happens. Right now,
this check happens in necko -- all urls that get loaded are explicitly
checked. You can globally override these settings.
However, I believe that we should make this check only for urls that
come from content. In doing so, you would allow extensions to be able
to construct a URL to a port that is restricted while allowing the rest
of the browser to enjoy the protection this check brings. It would also
allow a technical user to type in a url to a service they wish to debug.
I am worried about people copying and pasting urls from spam into the
url to avoid this check. Maybe there needs to be a permissions
style dialog similar to cookies.
Right now, can necko tell where a URL has come from? Does necko know if
a url has come from user content versus chrome? I think I know the
answer, but in asking it someone might find the bug number which
addresses this shortcoming.
Thoughts?
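One way to model the proposal in this message, as an added example that is not necko's code or the poster's: the port check is enforced for content loads, skipped for chrome-originated loads, and turned into a prompt for user-typed URLs. The `Origin` and `Verdict` enums, the function names and the three-port blocklist are hypothetical, and per-protocol differences are ignored.

```cpp
#include <cstdlib>
#include <set>
#include <string>

// Hypothetical names throughout; this is not necko's API.
enum class Origin { Content, Chrome, UserTyped };
enum class Verdict { Allow, Block, Prompt };

// Constructed sample blocklist: mail ports a cross-protocol request could reach.
static const std::set<int> kBannedPorts = {25, 110, 143};
const int kNoPort = -1, kBadPort = -2;

// Return the explicit port in scheme://[user@]host[:port]/..., kNoPort when the
// URL relies on the default port, or kBadPort when the port is malformed.
int ExplicitPort(const std::string& url) {
    size_t start = url.find("://");
    if (start == std::string::npos) return kNoPort;
    start += 3;
    size_t end = url.find_first_of("/?#", start);
    std::string auth = url.substr(start, end == std::string::npos ? end : end - start);
    size_t at = auth.rfind('@');                 // drop userinfo, which may contain ':'
    if (at != std::string::npos) auth.erase(0, at + 1);
    size_t hostEnd = (!auth.empty() && auth[0] == '[') ? auth.find(']') : 0;
    if (hostEnd == std::string::npos) return kBadPort;   // unterminated IPv6 literal
    size_t colon = auth.find(':', hostEnd);
    if (colon == std::string::npos || colon + 1 == auth.size()) return kNoPort;
    std::string digits = auth.substr(colon + 1);
    if (digits.size() > 5 || digits.find_first_not_of("0123456789") != std::string::npos)
        return kBadPort;
    int port = std::atoi(digits.c_str());
    return port > 65535 ? kBadPort : port;
}

// Apply the blocklist according to where the URL came from.
Verdict Decide(const std::string& url, Origin origin) {
    int port = ExplicitPort(url);
    if (port == kBadPort) return Verdict::Block;          // fail closed on bad input
    if (port == kNoPort || !kBannedPorts.count(port)) return Verdict::Allow;
    switch (origin) {
        case Origin::Chrome:    return Verdict::Allow;    // extensions, browser UI
        case Origin::UserTyped: return Verdict::Prompt;   // pasted URL: ask first
        default:                return Verdict::Block;    // web content
    }
}
```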