Closed Bug 1058921 Opened 7 years ago Closed 6 years ago
Disable unsafe Window APIs in prerendering
close, focus, open, alert, confirm, prompt, print, showModalDialog, moveTo, moveBy, resizeTo, resizeBy, back, forward, home, maximize, minimize, restore, sizeToContent, fullscreen, find
Summary: Disable some Window APIs in prerendering → Disable unsafe Window APIs in prerendering
Assignee: nobody → roshanvid
Attachment #8483800 - Flags: review?(jst)
Comment on attachment 8483800: 1058921.patch
These changes all look good, but we should also flag innerWidth, innerHeight, outerWidth, outerHeight. Though for those we probably only want to flag the setters... do we have support for that already? r- to deal with those additional properties.
Attachment #8483800 - Flags: review?(jst) → review-
Oh, forgot to mention that those properties are disabled by default, but can be enabled per site, so we may want to do the checking in the implementation of those rather than using webidl annotations.
I filed bug 1117876 as a follow-up to this to blacklist those setters as well. We probably want to do that in the implementation which is why I'm breaking that up into its own bug.
https://hg.mozilla.org/integration/mozilla-inbound/rev/c7fdb9bfb672
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla37