Disable unsafe Window APIs in prerendering

RESOLVED FIXED in mozilla37

Status

()

defect
RESOLVED FIXED
5 years ago
4 months ago

People

(Reporter: rvid, Assigned: rvid)

Tracking

(Blocks 1 bug)

unspecified
mozilla37
x86
macOS
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

close, focus, open, alert, confirm, prompt, print, showModalDialog, moveTo, moveBy, resizeTo, resizeBy, back, forward, home, maximize, minimize, restore, sizeToContent, fullscreen, find
Blocks: prerendering
Summary: Disable some Window APIs in prerendering → Disable unsafe Window APIs in prerendering
Posted patch 1058921.patchSplinter Review
Assignee: nobody → roshanvid
Attachment #8483800 - Flags: review?(jst)
Comment on attachment 8483800 [details] [diff] [review]
1058921.patch

These changes all look good, but we should also flag innerWidth, innerHeight, outerWidth, outerHeight. Though for those we probably only want to flag the setters... do we have support for that already?

r- to deal with those additional properties.
Attachment #8483800 - Flags: review?(jst) → review-
Oh, forgot to mention that those properties are disabled by default, but can be enabled per site, so we may want to do the checking in the implementation of those rather than using webidl annotations.
I filed bug 1117876 as a follow-up to this to blacklist those setters as well.  We probably want to do that in the implementation which is why I'm breaking that up into its own bug.

https://hg.mozilla.org/integration/mozilla-inbound/rev/c7fdb9bfb672
https://hg.mozilla.org/mozilla-central/rev/c7fdb9bfb672
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla37
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.