Open Bug 1435878 Opened 7 years ago Updated 2 years ago

Handle navigations away from a page showing a Payment Request tab-modal dialog

Categories

(Firefox :: WebPayments UI, enhancement, P3)

enhancement

Tracking

()

Tracking Status
firefox60 --- affected

People

(Reporter: MattN, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [webpayments-reserve])

User Story

[ ] Consider how to handle the request coming from a subframe e.g. merchant.example embedding paymentprovider.example and the PR comes from paymentprovider.example. 
[ ] Consider same-document navigations e.g. to anchors
[ ] Consider navigations from outside of the tab.
    e.g. window.open("foo.html", "mywindowname") where mywindowname is showing the 
    dialog
[ ] consider the user editing the URL in the address bar without navigating (should it be read-only?)
We need to safely/securely handle navigations away from the document that is showing the dialog to avoid spoofing attacks. We never want the Payment Request dialog to be showing for an origin that differs from the top-level origin as users may be confused.
Priority: P3 → P2
Whiteboard: [webpayments]
Priority: P2 → P3
Whiteboard: [webpayments] → [webpayments-reserve]
Product: Toolkit → Firefox
Depends on: 1483470
Eden, did you considered the first 3 cases in the User Story when implementing bug 1483470? Case 4 is front-end-only.
Flags: needinfo?(echuang)
Matt, Yes, basically these cases are considered. But I cannot sure if there is any corner case or not.
Flags: needinfo?(echuang)
Flags: qe-verify?
Priority: P3 → P2
Whiteboard: [webpayments-reserve] → [webpayments]
Flags: qe-verify? → qe-verify+
QA Contact: hani.yacoub
Priority: P2 → P3
Whiteboard: [webpayments] → [webpayments-reserve]
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.