Closed Bug 11963 Opened 26 years ago Closed 25 years ago

Need security controls on javascript: urls

Categories

(Core :: Security, defect, P3)

Product:
Core
Component:
Security
Platform:
All
Windows NT
Type:
defect

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: norrisboyd, Assigned: norrisboyd)

References

(
URL
)

Details

javascript: urls have been a source of many security problems in the past. Make sure they don't happen again.
Blocks: 7252
Status: NEW → ASSIGNED
Depends on: 1646
Target Milestone: M11
Blocks: 12633
No longer blocks: 7252
Blocks: 13543
Whiteboard: brendan could add these himself
Whiteboard: brendan could add these himself → help wanted: brendan could add these himself
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Whiteboard: help wanted: brendan could add these himself
Status: RESOLVED → REOPENED
The right origin can't be found from the JS stack for uses of javascript: URLs like <A HREF="javascript:doSomething()">
Resolution: FIXED → ---
Clearing FIXED resolution due to reopen.
Status: REOPENED → ASSIGNED
Status: ASSIGNED → RESOLVED
Closed: 25 years ago25 years ago
Resolution: --- → FIXED
Blocks: 17432
QA Contact: dshea → junruh
Bulk moving all Browser Security bugs to new Security: General component. The previous Security component for Browser will be deleted.
Component: Security → Security: General
Verified fixed.
No longer blocks: 12633, 13543
Status: RESOLVED → VERIFIED
No longer depends on: 1646
No longer blocks: 17432
You need to log in before you can comment on or make changes to this bug.