Open
Bug 1010011
Opened 10 years ago
Updated 2 years ago
Gecko should forbid embedding iframe which has different origins in src and mozAPP(manifest URL) attribute.
Categories
(Core :: DOM: Core & HTML, defect, P5)
Tracking
()
NEW
People
(Reporter: GaryChen, Unassigned)
Details
Embed iframe with different origins in src and mozAPP(manifest URL) attribute. ex: <iframe mozapp="app://abc.gaia/manifest.webapp" src="app://xyz.gaia/"> Expected result: Gecko will show error and kill the instance. Actual: Gecko creates a instance for this iframe.
Updated•10 years ago
|
Component: General → DOM
Product: Firefox OS → Core
Comment 1•10 years ago
|
||
This will likely be more complex than a same-origin check. That needs to honor what has be called the "application scope" (there are a couple of mailing list threads about that) and it's not clear yet how we define these. That's important because this should be enforced not only when opening the iframe but also during navigation.
Comment 2•6 years ago
|
||
https://bugzilla.mozilla.org/show_bug.cgi?id=1472046 Move all DOM bugs that haven't been updated in more than 3 years and has no one currently assigned to P5. If you have questions, please contact :mdaly.
Priority: -- → P5
Assignee | ||
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•