Closed
Bug 1351500
Opened 8 years ago
Closed 7 years ago
Security review of Intersection Observer API
Categories
(Firefox Graveyard :: Security: Review Requests, enhancement)
Firefox Graveyard
Security: Review Requests
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: tschneider, Unassigned)
References
Details
(Whiteboard: audit)
Requesting a security review of the Intersection Observer API, as tracked in Bug 1321865. Spec: https://wicg.github.io/IntersectionObserver/ Concerns raised from bz via dev-platform: > Has there been a security review? The reason I ask is that the definition at > https://wicg.github.io/IntersectionObserver/#intersectionobserver-intersection- > root means the intersection root can be in a different-origin document, and then > there are operations that use it, so it would be good to carefully check for > cross-origin information leaks. Do we have good tests for the various cross- > origin scenarios? I do see some cross-origin testing in > dom/base/test/test_intersectionobservers.html, which is good.
|
||
Comment 1•7 years ago
|
||
This should use the pi-request process if you want to get into the real security-review queue, but hopefully this is a more useful component.
Component: Security → Security: Review Requests
I'm cleaning up the security review requests component as my team is going to start using it for our reviews. As far as I can tell this feature landed in 55. Does it still need the testing requested in comment 0? I assume it had security review as part of the normal review process, and that there isn't anything to do here? Just wanted to check before I close this. (Im flagging you Jet, as it seems Tobias' bugzilla account is disabled)
Flags: needinfo?(bugs)
|
||
Updated•7 years ago
|
Whiteboard: audit
|
||
Comment 3•7 years ago
|
||
I think we're all set on this feature. We've fuzzed it, and have also fixed a number of issues found after shipping. The feature has cross-origin tests in the tree, and you're welcome to review those for completeness, in case you spot anything we missed: https://searchfox.org/mozilla-central/source/dom/base/test/test_intersectionobservers.html#975 https://searchfox.org/mozilla-central/source/testing/web-platform/tests/intersection-observer/cross-origin-iframe.html
Flags: needinfo?(bugs)
Thanks Jet.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
|
||
Updated•5 years ago
|
Product: Firefox → Firefox Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•