Closed
Bug 1302399
Opened 8 years ago
Closed 7 years ago
Add telemetry probe for usage of data URIs that require it to be same-origin accessible
Categories
(Core :: DOM: Security, defect, P3)
Core
DOM: Security
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: freddy, Unassigned)
References
Details
(Whiteboard: [domsecurity-backlog1])
The whatwg/html spec considered an iframe pointing to a data URI as same-origin. This has changed with a recent commit [1,2] given that Edge, Webkit and Blink implement this differently. Thus, Firefox is now the browser violating the standard. I would like us to get some numbers, if at all possible, to gain some insights into how many page loads rely on this behavior in Firefox. [1] <https://github.com/whatwg/html/commit/00769464e80149368672b894b50881134da4602f> [2] <https://github.com/whatwg/html/issues/1753>
Updated•8 years ago
|
Priority: -- → P3
Whiteboard: [domsecurity-backlog1]
Comment 1•7 years ago
|
||
Freddy, I am going through the list of things that block Bug 1324406. Given that we are about to change that behavior in Firefox, is this bug still needed? If not, please close for me - thanks.
Flags: needinfo?(fbraun)
Reporter | ||
Updated•7 years ago
|
Status: NEW → RESOLVED
Closed: 7 years ago
Flags: needinfo?(fbraun)
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•