Closed
Bug 1287885
Opened 8 years ago
Closed 8 years ago
window.alert not being restricted by iframe sandbox
Categories
(Core :: DOM: Security, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 1190641
People
(Reporter: jpmunz, Unassigned)
Details
Attachments
(1 file)
157 bytes,
text/html
|
Details |
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0 Build ID: 20160623154057 Steps to reproduce: Open the attached html file in FF 47.0.1 and click the X button Actual results: An alert popup is shown Expected results: Since the iframe that triggered the popup has 'sandbox="allow-scripts"' the action shouldn't have been allowed. From https://developer.mozilla.org/en/docs/Web/HTML/Element/iframe#attr-sandbox this should only be allowed if 'sandbox="allow-scripts allow-modals"'
Comment 1•8 years ago
|
||
As shown in the compatibility section at the bottom of that MDN page, allow-modals wasn't added until Firefox 49. You can test this in our current "Dev Edition". This probably ought to be a dupe of the bug that implemented the feature, but I'm too lazy to look that up right now so I'll mark it worksforme.
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•