Closed
Bug 1216480
Opened 9 years ago
Closed 8 years ago
block dialogs from confirm(), print(), etc. in iframe[sandbox]
Categories
(Core :: DOM: Security, defect)
RESOLVED DUPLICATE of bug 1190641
People
(Reporter: freddy, Unassigned)
Details
(Whiteboard: [domsecurity-backlog])
Let's disallow opening modal dialogs from sandboxed iframes by default. Chrome and Edge already do this. This should include

* `alert()`
* `confirm()`
* `prompt`
* `print()`
* `showModalDialog()`
* `beforeunload`

and possibly more?
Updated•8 years ago
Whiteboard: [domsecurity-backlog]
WHATWG added it to HTML, yes: https://html.spec.whatwg.org/multipage/browsers.html#sandboxed-modals-flag. That's trickled down into the W3C version as well: https://w3c.github.io/html/browsers.html#sandboxed-modals-flag.
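Added example, not part of the bug thread or of any browser's code: a sketch of how an iframe's `sandbox` tokens decide whether the sandboxed modals flag linked above is set, run over constructed markup. It relies on the `allow-modals` keyword from the HTML spec; `modalsBlocked`, `getAttr`, `auditIframes` and the sample URLs are hypothetical.

```javascript
// Added example: not Firefox, Chrome or spec code. Helper names are hypothetical.
// ASCII whitespace per the HTML spec: tab, LF, FF, CR, space.
const ASCII_WS = /[\t\n\f\r ]+/;

// True when the sandboxed modals flag would be set for the framed document.
// sandboxValue is the attribute string, or null when the attribute is absent.
function modalsBlocked(sandboxValue) {
  if (sandboxValue === null) return false; // no sandbox attribute: no flags set
  const tokens = sandboxValue
    .split(ASCII_WS)
    .filter(Boolean)
    .map((t) => t.toLowerCase()); // keywords match ASCII case-insensitively
  return !tokens.includes("allow-modals"); // sandbox="" sets every flag
}

// Read one attribute from a tag's attribute text; null if absent, "" if bare.
function getAttr(attrs, name) {
  const re = new RegExp(
    `(?:^|\\s)${name}(?:\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s"'>]+)))?(?=\\s|$)`,
    "i"
  );
  const m = re.exec(attrs);
  return m ? m[1] ?? m[2] ?? m[3] ?? "" : null;
}

// Review aid for templates: regex-based, so it does not handle ">" inside
// attribute values or iframes created from script.
function auditIframes(html) {
  const out = [];
  for (const m of html.matchAll(/<iframe\b([^>]*)>/gi)) {
    const sandbox = getAttr(m[1], "sandbox");
    out.push({ src: getAttr(m[1], "src"), sandbox, blocked: modalsBlocked(sandbox) });
  }
  return out;
}

// Constructed sample markup (not from the bug).
const SAMPLE = `
<iframe src="https://ads.example/slot" sandbox="allow-scripts"></iframe>
<iframe src="https://pay.example/form" sandbox="allow-scripts Allow-Modals allow-forms"></iframe>
<iframe src="https://legacy.example/app"></iframe>
<iframe src="https://static.example/doc" sandbox></iframe>
`;

for (const f of auditIframes(SAMPLE)) {
  console.log(f.blocked ? "modals blocked:" : "modals ALLOWED:", f.src);
}
```

Frames reported as allowed either opt in with `allow-modals` or carry no `sandbox` attribute at all, which is the case a template review would want to look at first.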
Comment 3•8 years ago
(In reply to Tanvi Vyas [:tanvi] from comment #1)
> Is this in the spec? Should it be?

Thanks Mike! Removing freddy's needinfo.
Flags: needinfo?(fbraun)
Comment 4•8 years ago
Looks like bz is picking this up in bug 1190641.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE