REPRODUCIBILITY (% or how often): 100%
BUILD ID = OS VERSION (Settings > About product): 4.0.1.45
HARDWARE (Jolla1, Tablet, XA2,…): xperia x
UI LANGUAGE:browser
REGRESSION: (compared to previous public release: Yes, No, ?): no
DESCRIPTION:
browser has access to system partitions & files
PRECONDITIONS:
STEPS TO REPRODUCE:
- open stock browser
- enter view-source:file:///etc/passwd in the url
- see the content of the file displayed
EXPECTED RESULT:
The same way I would not expect a total stranger to be able to “dig in my pockets” when they feel like, so I would not expect a UserAgent with Javascript capabiliities to have rights to scoop freely around my file system (on a privacy-oriented product especially). Ideally;
i would need to be able to customize the accessible locations on the filesystem, out of a default setup.
ACTUAL RESULT:
File system is accessible.
ADDITIONAL INFORMATION:
N/A