Firefox 3 shows an alert box saying "URL is not valid and cannot be
loaded" however I don't see anything the EC (EC^2, really) that gives
even a hint. This did not happen in Firefox 2.
Here's the kicker:
(same as above except parameter myname is now yname) does not trigger
the issue. Also changing myname to a longer name does not trigger the
issue.
Oh, a final note: the page does load fine. And when I view source
everything looks like I expect. When view source is reloaded the
message does *not* come up.
Any ideas on what's the source of this?
Thanks!
Lucy found a pseudo fix. Basically if you clear cookies this problem
sorta goes away.
The problem with the fix is that clearing the user's cookies every
time they run the extension isn't really a fix I can use :(.
Also, the popup still comes up if I go directly to that url but not if
I get it using JS:
var ioserv = Components.classes["@mozilla.org/network/io-
service;1"] .getService(Components.interfaces.nsIIOService);
var channel = ioserv.newChannel("http://192.168.123.100:591/
classic.php?yname=+%3CMETA+HTTP-EQUIV%3D%22refresh%22+CONTENT%3D%220%3B
+URL%3Dhttp%3A%2F%2F%3BURL%3Djavascript%3Adocument.vulnerable%3Dtrue%3B
%22%3E+", 0, null);
var stream = channel.open();
var sis = Components.classes["@mozilla.org/
scriptableinputstream;
1"].createInstance(Components.interfaces.nsIScriptableInputStream);
sis.init(stream);
alert(sis.read(sis.available()));
Any ideas on what's going on and how to stop it?