Firefox3.1/Security/ViewSource: Difference between revisions

Jump to navigation Jump to search

Firefox3.1/Security/ViewSource (view source)

Revision as of 00:06, 4 December 2008

501 bytes added ,  4 December 2008
→‎Review comments
Line 139: Line 139:


== Review comments ==
== Review comments ==
* need to whitelist scheme? either a short static list, or at least checkLoadURI?
* javascript: in particular would be bad (but seems to be blocked?)
* what's the principal used for data: urls?
* what referrer gets sent?
* Jesse thinks DNS prefetching needs to be disabled for privacy since we might linkify things that weren't actual links in the page. (<foo href="http://blah.com"> will get linkified).
* make sure URI's added can't be used for script injection, extra quotes don't mess it up, etc.
Dveditz
canmove, Confirmed users
637

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/119399"

Navigation menu