Open Bug 1114572 Opened 10 years ago Updated 8 months ago

sandbox allow-scripts

Categories

(Core :: DOM: Copy & Paste and Drag & Drop, defect, P3)

31 Branch
x86_64
Linux
defect

People

(Reporter: polomski.piotr, Unassigned, NeedInfo)

Details

(Whiteboard: [domsecurity-backlog])

User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.120 Safari/537.36

Steps to reproduce:

Please visit the test page with iframes: http://msdrop.com/msdrop-jquery-test-iframe-frameset.htm

There are images or links, or use selected text, for drag and drop on the iframes. Just start dragging onto the A, B, C, D iframes to reproduce.

Iframe A src is from the same domain, no sandbox attribute
Iframe B src is from the other domain, no sandbox attribute
Iframe C src is from the same domain + sandbox="allow-scripts"
Iframe D src is from the other domain + sandbox="allow-scripts"

Actual results:

Iframe A - dragover, dragleave, drop work
Iframe B - dragover, dragleave, drop work
Iframe C - dragover, dragleave, drop do NOT work
Iframe D - dragover, dragleave, drop work

Expected results:

Iframe B - source is from the other domain, so dragover, dragleave, drop should NOT work without sandbox attribute="allow-scripts"

Iframe C - scripts are allowed, and this is the same domain, so dragover, dragleave, drop should work as in IFRAME A
Version: unspecified → 31 Branch
Windows Firefox and Linux Iceweasel give the same result.

In Chrome/Chromium and Internet Explorer, on iframes B, C, D dragover, dragleave, drop do NOT work.

But in Opera, on iframes B, C, D dragover, dragleave and drop work.
Component: Untriaged → DOM: Security
Product: Firefox → Core
Hi Olli,
Can you take a look at this bug?  Is this an issue we need to fix?
Flags: needinfo?(bugs)
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P5
Whiteboard: [domsecurity-backlog]

Clearing the priority/severity to get this back to triaging.

Severity: normal → --
Flags: needinfo?(bugs)
Priority: P5 → --
Component: DOM: Security → DOM: Copy & Paste and Drag & Drop

We/Nightly 116 behaves the same as Chrome and Edge for all the cases:

Iframe A src is from the same domain, no sandbox attribute: dragover, dragleave, drop work
Iframe B src is from the other domain, no sandbox attribute: dragover, dragleave, drop NOT working
Iframe C src is from the same domain + sandbox="allow-scripts": dragover, dragleave, drop NOT working
Iframe D src is from the other domain + sandbox="allow-scripts": dragover, dragleave, drop NOT working

Is this the expected behavior?

Flags: needinfo?(echen)
Severity: -- → S3
Priority: -- → P3
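The four cases in the original report and in the Nightly 116 re-test differ in one thing the report's expected-results section does not account for: a frame with `sandbox="allow-scripts"` but without `allow-same-origin` gets a unique opaque origin, so its document is cross-origin to the parent even when the src comes from the same domain. That is why iframe C lines up with B and D rather than with A in the Nightly 116 results, where only the single same-origin, unsandboxed frame accepts the drop. The following is an added example (editor's code, not the reporter's test page and not Firefox code) that models that origin classification and shows the listener wiring a reproduction page needs; the function names, the `same.example`/`other.example` hosts and the sample cases are constructed for the example. It runs under Node (v15 or later, which provides `URL`, `EventTarget` and `Event` globally) as well as in a browser.

```javascript
// Added example, not code from the bug report or from Firefox.
// Models how the sandbox attribute changes an <iframe>'s origin relative to
// its parent, and shows the drag-and-drop listener wiring a test page needs.

// Parse the sandbox attribute: an unordered, ASCII case-insensitive set of
// whitespace-separated tokens. `null` means the attribute is absent, which is
// different from sandbox="" (present but empty = everything restricted).
function parseSandbox(attr) {
  if (attr === null || attr === undefined) return null;
  return new Set(
    attr.split(/[\t\n\f\r ]+/).filter(Boolean).map((t) => t.toLowerCase())
  );
}

// Classify the frame document's origin relative to the embedding page.
//   "same-origin"  - frame and parent scripts can reach each other
//   "cross-origin" - the src really is a different origin
//   "opaque"       - sandboxed without allow-same-origin: a unique origin that
//                    is cross-origin to everything, even a same-domain src
function classifyFrame(parentOrigin, frameSrc, sandboxAttr) {
  const frameOrigin = new URL(frameSrc, parentOrigin + "/").origin;
  const tokens = parseSandbox(sandboxAttr);
  const scriptsAllowed = tokens === null || tokens.has("allow-scripts");
  let origin;
  if (tokens !== null && !tokens.has("allow-same-origin")) {
    origin = "opaque";
  } else {
    origin = frameOrigin === parentOrigin ? "same-origin" : "cross-origin";
  }
  return { origin, scriptsAllowed };
}

// The four frames from the report, with constructed hostnames.
function reportCases() {
  const parent = "http://same.example";
  const cases = [
    ["A", "/frame.html", null],
    ["B", "http://other.example/frame.html", null],
    ["C", "/frame.html", "allow-scripts"],
    ["D", "http://other.example/frame.html", "allow-scripts"],
  ];
  return cases.map(([name, src, sandbox]) => ({
    name,
    ...classifyFrame(parent, src, sandbox),
  }));
}

// Listener wiring for a drop zone. In browsers `drop` is only delivered when
// `dragover` cancels its default action, so a reproduction page that forgets
// preventDefault() sees "drop NOT works" in every frame regardless of origin.
// Each delivered event type is appended to `log`.
function installDragDropHandlers(target, log) {
  for (const type of ["dragover", "dragleave", "drop"]) {
    target.addEventListener(type, (ev) => {
      if (type === "dragover" || type === "drop") ev.preventDefault();
      log.push(type);
    });
  }
  return target;
}

// Stand-alone run: print the classification table and simulate one drop.
if (typeof document === "undefined") {
  for (const c of reportCases()) {
    console.log(`Iframe ${c.name}: origin=${c.origin} scripts=${c.scriptsAllowed}`);
  }
  const log = [];
  const zone = installDragDropHandlers(new EventTarget(), log);
  zone.dispatchEvent(new Event("dragover", { cancelable: true }));
  zone.dispatchEvent(new Event("drop", { cancelable: true }));
  console.log("delivered:", log.join(", "));
}
```

The `EventTarget` simulation only exercises the listeners; it does not reproduce the browser's own rule about which frames may receive a drop, which is the behaviour the comment above is asking about. Reading the four cases through `classifyFrame`, only iframe A comes out `same-origin`, matching the Nightly 116 results.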