[WEB4LIB] Re: Mac Mozilla CSS image includes problem

Bobb Menk bmenk at ll.mit.edu
Wed Jan 12 10:01:42 EST 2005 

For Firefox:

Tools -> Options -> Web Features
Then you can check "Allow Images" (which is from anywhere) or further 
check "for the originating site only"

Bobb Menk



Keith Jenkins wrote:
> On Tue, 11 Jan 2005 13:58:24 -0800 (PST), Bobb Menk <bmenk at ll.mit.edu> wrote:
> 
>>Under the Privacy and Security preferences, there's a setting for
>>"Images". This was set to "Accept images that come from the originating
>>server only" If I set it to "Accept all images" the missing ones
>>magically appear.
>>
>>Now to find out if that's the default setting in Mozilla as configured
>>for distribution by our IT Dept or not...
> 
> 
> We noticed a similar situation recently with XML files not being able
> to access XSL stylesheets that were not on the same server.  This was
> a problem in both MSIE and Firefox.
> 
> Apparently, it is considered somewhat risky for an XML file to link to
> an XSL stylesheet that is not on the same server, presumably because
> someone at the other server could, at any moment, unexpectedly change
> the XSL stylesheet to something different, if not malicious.  (I don't
> think it's as much of a security issue with images.  My guess is that
> "Accept images that come from the originating server only" was
> probably just a way of blocking banner ads.)
> 
> In MSIE, you can change the security settings by going to the menu
> item "Tools > Internet Options".  Click on the "Security" tab, and
> click "Custom Level..."  Scroll down almost half way to "Miscellaneous
> 
>>Access data sources across domains".  It probably says "Disable"
> 
> (which I think may have been a relatively recent IE security patch--I
> remember getting a prompt in the past).  Change this to "Prompt".
> 
> After doing this, if you load an XML file which links to an
> externally-located stylesheet, you should get a prompt saying "This
> page is accessing information that is not under its control . . ."  If
> you click "yes", then you should see the XML as transformed into HTML.
> 
> I haven't yet found a similar setting in Firefox.  Does anyone know?
> 
> Of course, we can't expect all our users to run through that routine
> of changing their settings, so the best solution is to simply put the
> XSL file on the same server as the XML data.
> 
> -Keith
> 
> Keith Jenkins, Metadata Librarian
> Mann Library,  Cornell University
> kgj2 at cornell.edu  *  607-255-7953
>

More information about the Web4lib mailing list