Comment #4 on issue 7507 by [email protected]: BUG: Mailto URLs are handled differently
http://code.google.com/p/chromium/issues/detail?id=7507

If I click on all the "Mail To" links, this is what I get:
1. Do nothing, both IE7 and Chrome
2. same for both IE7 and Chrome
3. Do nothing for chrome, truncated mail in IE
4. do nothing for chrome, truncated mail in IE
5. Do nothing for chrome, ok in IE
6. Do nothing for chrome, truncated mail in IE
7. Same for both IE7 and Chrome

This result is all expected, and it's commented in the code. Our mailto: code looks a lot like the one in Firefox. We might be a little bit more restrictive:

--------------

   // According to Mozilla in uriloader/exthandler/win/nsOSHelperAppService.cpp:
   // "Some versions of windows (Win2k before SP3, Win XP before SP1) crash in
   // ShellExecute on long URLs (bug 161357 on bugzilla.mozilla.org). IE 5 and 6
   // support URLS of 2083 chars in length, 2K is safe."
   const size_t kMaxUrlLength = 2048;
   if (escaped_url.length() > kMaxUrlLength) {
     NOTREACHED();
     return;
   }


So the edge case is a little bit more restrictive in Chrome, but we are talking only about a few characters, and that's a lot better than having a potential security issue.

Do you think mailto: links longer than 2k are frequent enough to add logic to the code to check if the current OS is vulnerable or not? I personally don't think so, but I'm interested to hear what you think.

Nicolas
