chrome and resoruce are special cased by ns(XUL)Document. about should be too.

Comment on attachment 153145 [details] [diff] [review] sorta consistently skip resolving about ala chrome and resource r+sr=bzbarsky. Looks reasonable.

is this already on the trunk?

Checked in last night, yes.

Comment on attachment 153145 [details] [diff] [review] sorta consistently skip resolving about ala chrome and resource a=mkaply

mozilla/content/base/src/nsDocument.cpp 3.510 mozilla/content/xul/document/src/nsXULDocument.cpp 1.628

Does this influence any security things? What about the about: documents (e.g., about:credits) loaded from remote hosts over insecure connections? It's not clear to me what the rationale for this was.

The only change is that now about:credits can link to other about: URIs.... Given that about: is marked as "ChromeProtocol", that could indeed be a problem. timeless, what was the reason for this again? I recall that it was a decent reason, but I can't recall it exactly...

about: urls already have credentials based on what their specific url is <http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/netwerk/protocol/about/src/nsAboutRedirector.cpp&rev=1.19&mark=50,54-58,61#47> if you're actually concerned, then the fact that the url changes to resource: instead of keeping about: should be more worrisome. note that using: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8a3) Gecko/20040728 and loading about:credits, using ctrl-shift-i (inspect document) and changing the mailto at the bottom to link to about:config, and then clicking it, i get: Error: uncaught exception: Load of about:config denied. This is because the about: url has already dropped its privs and is *not* priv'd. Anyone adding a redirector is of course obligated to undergo a security review. unless of course that someone is a member of aviary, in which case they seem to be allowed to make arbitrary commits to locked files whenever they please. "<ben> timeless: bite me."

This checkin broke linking to licenses in chrome (bug 256945). That's really quite bad. I can't immediately see how to make this work again, apart from writing an about:license, which I'd rather avoid (if only because of holy wars about the spelling of licence). Is there an easy way to restore this function? Gerv

So it looks like the chrome protocol thing actually _prevents_ linking _to_ about: URIs. The question is whether about: is trustworthy. If it is, we should mark it so. If it's not, it should not be able to link to arbitrary chrome documents.

There isn't currently an about: which is obviously untrustworthy. about:cache doesn't display data from the cache, just links to the original page. But it might be dangerous to assume this will always be the case. Is about:licen[cs]e the only solution, then? Or can we use res: or resource: or something? Gerv

note that about:config has chrome privileges

resource: and chrome: are identical for our purposes here. about: runs javascript, in general, so making it chrome should be scrutinized very carefully... about:license is probably the best solution in any case.

This needs to be backed out of the 1.7 and aviary branch for 1.7.5. Timeless, can you do that for us?

asa: i *need* this for my product which will be moving to 1.7.5. <period>

Then you'll have to put it in separately. 1.7.5 needs to match Firefox 1.0, and this causes it not to. I was wrong to approve this. Either way, this broke something we need (licenses in chrome) so it needs to be backed out.

Comment on attachment 153145 [details] [diff] [review] sorta consistently skip resolving about ala chrome and resource Backed out of 1.7.5.

Note that this also broke about: when JS is disabled, since the document no longer had a chrome: URI in the security manager.