no error message for bad file URL
Categories
(Core :: Networking: File, defect)
Tracking
()
People
(Reporter: bobj, Assigned: dougt)
Details
Attachments
(1 obsolete file)
Comment 1•23 years ago
|
||
Comment 2•23 years ago
|
||
Comment 5•5 years ago
|
||
This ensures we never have a RemoteWindowProxy from a page to a PDF viewer that
should have been same-origin with it.
This does not disclose any server-side information that would not ideally be
available anyway (if the PDF viewer were actually made same-origin with the
embedding page, say, when the PDF URL is same-origin).
In case of full-content-process security compromises, it doesn't look like the
APIs exposed to the PDF viewer allow anything that could not be done via other
methods available during such a compromise.
Comment 6•5 years ago
|
||
Comment on attachment 9128222 [details]
Bug 911444 part 4. Place PDF viewer documents in the process they would be in if the PDF viewer did not change their principal.
Revision D63710 was moved to bug 911444. Setting attachment 9128222 [details] to obsolete.
Description
•