On 28/09/2011 13:23, Stanimir Stamenkov wrote: > Tue, 27 Sep 2011 17:57:01 -0400, /Justin Wood (Callek)/: >> On 9/27/2011 5:26 PM, Stanimir Stamenkov wrote: >> >>> https://bugzilla.mozilla.org/show_bug.cgi?id=688841 >> >> O right... (/me grumbles at forgetting we did that security fix) >> >> Its necessary for security, "EOM" > > Seems I don't understand - how's this related to security? Is it > related to the change javascript: and data: URIs don't have DOM > access when entered directly in the location bar (since Firefox 6 > but not in SeaMonkey 2.3, as it appears)? Note the cases in the > given bug report are not the same and work just fine with Firefox > 6/7, but not in SeaMonkey 2.4.
Probably we need to port one or more of the following bugs: Bug 656433 - Disallow javascript: and data: URLs entered into the location bar from inheriting the principal of the currently-loaded page. Bug 658220 - Invoking bookmarklets by keyword no longer works (broken by Bug 656433). Bug 658383 - ensure that we avoid inheriting the owner principal when clicking the Go button. Phil (looks at Stanimir meaningfully) -- Philip Chee <phi...@aleytys.pc.my>, <philip.c...@gmail.com> http://flashblock.mozdev.org/ http://xsidebar.mozdev.org Guard us from the she-wolf and the wolf, and guard us from the thief, oh Night, and so be good for us to pass. _______________________________________________ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey