User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.120 Safari/537.36

Steps to reproduce:

Please visit the test page with iframes: http://msdrop.com/msdrop-jquery-test-iframe-frameset.htm
There are images or links, or use selected text for drag and drop on the iframes. Just start dragging on iframes A, B, C, D to reproduce.

Iframe A: src is from the same domain, no sandbox attribute
Iframe B: src is from the other domain, no sandbox attribute
Iframe C: src is from the same domain + sandbox="allow-scripts"
Iframe D: src is from the other domain + sandbox="allow-scripts"

Actual results:

Iframe A - dragover, dragleave, drop work
Iframe B - dragover, dragleave, drop work
Iframe C - dragover, dragleave, drop do NOT work
Iframe D - dragover, dragleave, drop work

Expected results:

Iframe B - the source is from the other domain, so dragover, dragleave, drop should NOT work without the sandbox attribute="allow-scripts"
Iframe C - scripts are allowed, and this is the same domain, so dragover, dragleave, drop should work as in iframe A
Version: unspecified → 31 Branch
Windows Firefox and Linux Iceweasel give the same result. In Chrome/Chromium and Internet Explorer, on iframes B, C, D dragover, dragleave, drop do NOT work. But in Opera, on iframes B, C, D dragover, dragleave and drop work.
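Added example, not part of the bug report or of any browser's code: a small model of the HTML rule that a sandboxed iframe without the `allow-same-origin` token gets an opaque origin, applied to the four frames A to D from the report. The parent URL, frame URLs and function names are constructed for illustration, and the model covers only the origin rule, not any browser's drag-and-drop handling.

```javascript
// Added illustration: models the HTML origin rule for sandboxed iframes.
// PARENT and the frame URLs below are constructed sample values.
const PARENT = "http://parent.example/test.htm";

// Parse a sandbox attribute value into a set of lowercase tokens.
// `null` means the attribute is absent (the frame is not sandboxed).
function sandboxTokens(attr) {
  if (attr === null) return null;
  return new Set(attr.toLowerCase().split(/\s+/).filter(Boolean));
}

// Effective origin of the framed document: the URL's origin, or "opaque"
// when the frame is sandboxed without the allow-same-origin token.
function effectiveOrigin(src, sandboxAttr) {
  const tokens = sandboxTokens(sandboxAttr);
  if (tokens !== null && !tokens.has("allow-same-origin")) return "opaque";
  return new URL(src, PARENT).origin;
}

// Summarise what the embedding page can assume about one frame.
function describeFrame(name, src, sandboxAttr) {
  const origin = effectiveOrigin(src, sandboxAttr);
  const tokens = sandboxTokens(sandboxAttr);
  return {
    name,
    origin,
    sameOriginWithParent: origin === new URL(PARENT).origin,
    scriptsRun: tokens === null || tokens.has("allow-scripts"),
  };
}

// The four configurations from the report (URLs are constructed).
const frames = [
  describeFrame("A", "/inner.htm", null),
  describeFrame("B", "http://other.example/inner.htm", null),
  describeFrame("C", "/inner.htm", "allow-scripts"),
  describeFrame("D", "http://other.example/inner.htm", "allow-scripts"),
];

for (const f of frames) console.log(f);
```

In this model frame C runs scripts but is not same-origin with its parent, because `sandbox="allow-scripts"` omits `allow-same-origin`.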
Component: Untriaged → DOM: Security
Product: Firefox → Core
Hi Olli, Can you take a look at this bug? Is this an issue we need to fix?
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P5