Open
Bug 1419501
Opened 7 years ago
Updated 2 months ago
consider requiring user interaction for cross-origin iframe window.top.location navigation
Categories
(Core :: DOM: Core & HTML, enhancement, P3)
NEW
People
(Reporter: bkelly, Unassigned)
Details
(Keywords: spec-needed)
We should consider requiring user interaction before allowing a cross-origin iframe to navigate the top window. For example, to prevent stuff like this:
https://twitter.com/NateTheFinch/status/933030604844740609
Chrome has been running an intervention to experiment with this and is shipping some kind of mitigation in Chrome 64:
https://github.com/WICG/interventions/issues/16
If they are successful in shipping that, it might be nice to follow suit.
Updated • 7 years ago
Priority: -- → P3
Updated • 6 years ago
Component: DOM → DOM: Core & HTML
Updated • 2 years ago
Severity: normal → S3
Updated • 2 months ago
Keywords: spec-needed