Fx 3 showing strange "URL is not valid and cannot be loaded" message - Mozilla

This is a discussion on Fx 3 showing strange "URL is not valid and cannot be loaded" message - Mozilla ; When I, or my extension, try to load this url: http://192.168.123.100:591/classic.p...true%3B%22%3E+ Firefox 3 shows an alert box saying "URL is not valid and cannot be loaded" however I don't see anything the EC (EC^2, really) that gives even a hint. ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Fx 3 showing strange "URL is not valid and cannot be loaded" message

  1. Fx 3 showing strange "URL is not valid and cannot be loaded" message

    When I, or my extension, try to load this url:

    http://192.168.123.100:591/classic.p...true%3B%22%3E+

    Firefox 3 shows an alert box saying "URL is not valid and cannot be
    loaded" however I don't see anything the EC (EC^2, really) that gives
    even a hint. This did not happen in Firefox 2.

    Here's the kicker:

    http://192.168.123.100:591/classic.p...true%3B%22%3E+

    (same as above except parameter myname is now yname) does not trigger
    the issue. Also changing myname to a longer name does not trigger the
    issue.

    Oh, a final note: the page does load fine. And when I view source
    everything looks like I expect. When view source is reloaded the
    message does *not* come up.

    Any ideas on what's the source of this?

    Thanks!

  2. Re: Fx 3 showing strange "URL is not valid and cannot be loaded"message

    On Jun 23, 11:00*pm, "themystic...@gmail.com"
    wrote:
    > When I, or my extension, try to load this url:
    >
    > http://192.168.123.100:591/classic.p...HTTP-EQUIV%3D%....
    >
    > Firefox 3 shows an alert box saying "URL is not valid and cannot be
    > loaded" however I don't see anything the EC (EC^2, really) that gives
    > even a hint. This did not happen in Firefox 2.
    >
    > Here's the kicker:
    >
    > http://192.168.123.100:591/classic.p...TTP-EQUIV%3D%2....
    >
    > (same as above except parameter myname is now yname) does not trigger
    > the issue. Also changing myname to a longer name does not trigger the
    > issue.
    >
    > Oh, a final note: the page does load fine. And when I view source
    > everything looks like I expect. When view source is reloaded the
    > message does *not* come up.
    >
    > Any ideas on what's the source of this?
    >
    > Thanks!


    Lucy found a pseudo fix. Basically if you clear cookies this problem
    sorta goes away.

    The problem with the fix is that clearing the user's cookies every
    time they run the extension isn't really a fix I can use .

    Also, the popup still comes up if I go directly to that url but not if
    I get it using JS:

    var ioserv = Components.classes["@mozilla.org/network/io-
    service;1"] .getService(Components.interfaces.nsIIOService);
    var channel = ioserv.newChannel("http://192.168.123.100:591/
    classic.php?yname=+%3CMETA+HTTP-EQUIV%3D%22refresh%22+CONTENT%3D%220%3B
    +URL%3Dhttp%3A%2F%2F%3BURL%3Djavascript%3Adocument .vulnerable%3Dtrue%3B
    %22%3E+", 0, null);
    var stream = channel.open();
    var sis = Components.classes["@mozilla.org/
    scriptableinputstream;
    1"].createInstance(Components.interfaces.nsIScriptabl eInputStream);
    sis.init(stream);
    alert(sis.read(sis.available()));

    Any ideas on what's going on and how to stop it?

+ Reply to Thread