Closed Bug 1302399 Opened 8 years ago Closed 7 years ago

Add telemetry probe for usage of data URIs that require it to be same-origin accessible

Categories

(Core :: DOM: Security, defect, P3)

RESOLVED WORKSFORME

People

(Reporter: freddy, Unassigned)

(Whiteboard: [domsecurity-backlog1])

The whatwg/html spec considered an iframe pointing to a data URI as same-origin. This has changed with a recent commit [1,2] given that Edge, WebKit and Blink implement this differently.
Thus, Firefox is now the browser violating the standard.

I would like us to get some numbers, if at all possible, to gain some insights into how many page loads rely on this behavior in Firefox.

[1] <https://github.com/whatwg/html/commit/00769464e80149368672b894b50881134da4602f>
[2] <https://github.com/whatwg/html/issues/1753>
Priority: -- → P3
Whiteboard: [domsecurity-backlog1]
Freddy, I am going through the list of things that block Bug 1324406. Given that we are about to change that behavior in Firefox, is this bug still needed? If not, please close for me - thanks.
Flags: needinfo?(fbraun)
Status: NEW → RESOLVED
Closed: 7 years ago
Flags: needinfo?(fbraun)
Resolution: --- → WORKSFORME