Created attachment 8769918 [details] bug-load-any-test-case-2.zip Background pages should not be able to navigate to arbitrary URLs. Test case 1 (main frame-initiated navigation): 1. Inspect any background page. 2. location.href = 'http://example.com/'; 3. Wait a second. 4. document.documentElement.outerHTML; Result : Step 4 looks like example.com Expected: Step 2 should fail, the navigation should be rejected. Test case 2 (child frame-initiated navigation): 1. Load the attached addon via about:debugging 2. (The addon's background page inserts a frame, the frame has a script that navigates the top-level frame to example.com) 3. Debug the background page via about:debugging 4. Type location.href Result : http://example.com/ Expected: moz-extension://...
I don't think this is a big deal (now that bug 1226423 is fixed, anyway). If the background page wants to load remote iframes, it should sandbox them. I don't have any objection to preventing this, though.
Bulk move of bugs per https://bugzilla.mozilla.org/show_bug.cgi?id=1483958
Component: Untriaged → General
You need to log in before you can comment on or make changes to this bug.