Michael Krax wrote: [...]
It seems this function gets used to implement blocker conditions in the code, to prevent a malicious URI (e.g. javascript) from being used in a piece of code with chrome privileges:
if (uri.schemeIs("javascript")) return
The problem that I see is that if an extension ever adds support for other schemes (a vbscript or jscript extension isn't that theoretical), the blocker condition is useless and a bunch of security errors appear, since vbscript/jscript can basically do the same as javascript.
I'm not much more competent about that either, but maybe a bug entry to request more defensive programming would be useful?
I did a check and it seems all the code assumes the list of protocols is closed. Even if it were not possible to add one with an extension, it is possible one more gets added later. Reading that code, I wondered if things like 'wyciwyg:' (what you cache is what you get) have been taken into account everywhere.
_______________________________________________
Mozilla-security mailing list
http://mail.mozilla.org/listinfo/mozilla-security
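
Added example, not part of the original message and not Mozilla code: the "closed list" assumption discussed above, shown as a single-scheme blocker condition next to a default-deny check over the same inputs. The helper names, the reviewed-scheme set and the sample URIs are constructed for illustration.

```javascript
// Added illustration; helper names and sample URIs are constructed,
// not taken from Mozilla's code base.

// Extract the scheme as RFC 3986 defines it:
// ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) followed by ":".
function schemeOf(spec) {
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(spec.trim());
  return m ? m[1].toLowerCase() : null;
}

// The pattern from the message: block one known-bad scheme, accept the rest.
function denylistAllows(spec) {
  return schemeOf(spec) !== "javascript";
}

// Defensive form: accept only schemes the caller has reviewed. Anything
// unknown, including a scheme registered later, is rejected by default.
const REVIEWED_SCHEMES = new Set(["http", "https", "ftp"]); // assumed set
function allowlistAllows(spec) {
  const scheme = schemeOf(spec);
  return scheme !== null && REVIEWED_SCHEMES.has(scheme);
}

// Constructed sample inputs.
const SAMPLES = [
  "http://example.org/",
  "javascript:void(0)",
  "JavaScript:void(0)",
  "vbscript:placeholder",
  "wyciwyg://0/http://example.org/",
];

function compare(samples) {
  return samples.map((spec) => ({
    spec,
    denylist: denylistAllows(spec),
    allowlist: allowlistAllows(spec),
  }));
}

// URIs on which the two checks disagree: the schemes the blocker
// condition never anticipated.
function disagreements(samples) {
  return compare(samples)
    .filter((r) => r.denylist !== r.allowlist)
    .map((r) => r.spec);
}

console.table(compare(SAMPLES));
```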
