On 28/09/2011 13:23, Stanimir Stamenkov wrote:
> Tue, 27 Sep 2011 17:57:01 -0400, /Justin Wood (Callek)/:
>> On 9/27/2011 5:26 PM, Stanimir Stamenkov wrote:
>>
>>> https://bugzilla.mozilla.org/show_bug.cgi?id=688841
>>
>> O right... (/me grumbles at forgetting we did that security fix)
>>
>> Its necessary for security, "EOM"
> 
> Seems I don't understand - how's this related to security?  Is it 
> related to the change javascript: and data: URIs don't have DOM 
> access when entered directly in the location bar (since Firefox 6 
> but not in SeaMonkey 2.3, as it appears)?  Note the cases in the 
> given bug report are not the same and work just fine with Firefox 
> 6/7, but not in SeaMonkey 2.4.

Probably we need to port one or more of the following bugs:

Bug 656433 - Disallow javascript: and data: URLs entered into the
location bar from inheriting the principal of the currently-loaded page.

Bug 658220 - Invoking bookmarklets by keyword no longer works (broken by
Bug 656433).

Bug 658383 - ensure that we avoid inheriting the owner principal when
clicking the Go button.

Phil (looks at Stanimir meaningfully)

-- 
Philip Chee <phi...@aleytys.pc.my>, <philip.c...@gmail.com>
http://flashblock.mozdev.org/ http://xsidebar.mozdev.org
Guard us from the she-wolf and the wolf, and guard us from the thief,
oh Night, and so be good for us to pass.
_______________________________________________
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Reply via email to