After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 330470 - disable_unsafe_protocols interacts poorly with script and style tags
disable_unsafe_protocols interacts poorly with script and style tags
Status: RESOLVED DUPLICATE of bug 316498
Product: epiphany
Classification: Core
Component: [obsolete] Backend:Mozilla
1.8.x
Other All
: Normal normal
: ---
Assigned To: Epiphany Maintainers
Marco Pesenti Gritti
Depends on:
Blocks:
 
 
Reported: 2006-02-08 21:28 UTC by Joseph Toman
Modified: 2006-02-11 19:37 UTC
See Also:
GNOME target: ---
GNOME version: 2.11/2.12


Description Joseph Toman 2006-02-08 21:28:05 UTC 
Please describe the problem:
setting /apps/epiphany/lockdown/disable_unsafe_protocols to true causes
script and style tags to misbehave, causing inline CSS not to be used 
and many web pages not to be usable.

Steps to reproduce:
1. gconftool-2 --set --type bool
/apps/epiphany/lockdown/disable_unsafe_protocols true
2. Browse www.yahoo.com or www.plone.org
3. 


Actual results:
Comments containing CSS import statements or javascript are all that is displayed

Expected results:
The page gets rendered correctly. Javascript functions. URLs with safe protocols
are retrieved.

Does this happen every time?
Yes

Other information:
The base distribution is Ubuntu 5.10. I'm trying to use epiphany in a kiosk
setting, so I need to disable the file: protocol, but not at the expense of
making many pages unreadable. My intuition says that this is a big "security vs.
utility" design bug with the various file:, smb:, whatever protocols and not a
little code bug, but I would be happy to be wrong.
Comment 1 Christian Persch 2006-02-08 21:40:35 UTC 
This should be fixed in version 1.8.3, which one do you use?
Comment 2 Joseph Toman 2006-02-08 23:14:40 UTC 
(In reply to comment #1)
> This should be fixed in version 1.8.3, which one do you use?
> 

1.8.2 . I just looked at synaptic and that seems to be the current version in Ubuntu. Is there a work around while I wait for them to get current?
Comment 3 Christian Persch 2006-02-10 13:08:36 UTC 
You could take the patch from cvs and rebuild the epiphany package with it (or just build 1.8.4.1 directly)...

http://cvs.gnome.org/viewcvs/epiphany/embed/mozilla/EphyContentPolicy.cpp?r1=1.15&r2=1.15.4.2&only_with_tag=gnome-2-12&makepatch=1&diff_format=u
Comment 4 Christian Persch 2006-02-10 23:26:52 UTC 
Or you could add "chrome" and "resource" to the additional_safe_protocols gconf key.
Comment 5 Joseph Toman 2006-02-11 00:31:32 UTC 
(In reply to comment #4)
> Or you could add "chrome" and "resource" to the additional_safe_protocols gconf
> key.
> 

Thanks, I thought there might be something like this. This will be fine until
Dapper comes out (April?). Thanks again.
Comment 6 Crispin Flowerday (not receiving bugmail) 2006-02-11 19:37:36 UTC 
Yeah, dapper is set for release in April, feel free to report any other bugs you find.

*** This bug has been marked as a duplicate of 316498 ***