Comment 54 for bug 294712

In , Bzbarsky (bzbarsky) wrote:

(From update of attachment 382214)
1) The patch will fire that nice assert in LoadImage() that was added precisely to catch someone doing something daft like this. Please test patches in debug builds?

2) This patch makes it so that if chrome script does an innerHTML set on the document the images will load. If the html string happened to be under the control of the page, this could be pretty bad because:

3) This patch makes it so that if chrome script happens to be on the stack when we enter this code all security checks (not just the "is this image blocked check", but the CheckLoadURI checks) are bypassed. I doubt that's desirable.

4) If we fix things so that <img src="javascript:"> works in a sandbox, this code would run said javascript in the sandbox with the system principal... Could also be bad.