Open
Bug 1435878
Opened 7 years ago
Updated 2 years ago
Handle navigations away from a page showing a Payment Request tab-modal dialog
Categories
(Firefox :: WebPayments UI, enhancement, P3)
Firefox
WebPayments UI
Tracking
()
NEW
Tracking | Status | |
---|---|---|
firefox60 | --- | affected |
People
(Reporter: MattN, Unassigned)
References
(Blocks 1 open bug)
Details
(Whiteboard: [webpayments-reserve])
User Story
[ ] Consider how to handle the request coming from a subframe e.g. merchant.example embedding paymentprovider.example and the PR comes from paymentprovider.example. [ ] Consider same-document navigations e.g. to anchors [ ] Consider navigations from outside of the tab. e.g. window.open("foo.html", "mywindowname") where mywindowname is showing the dialog [ ] consider the user editing the URL in the address bar without navigating (should it be read-only?)
We need to safely/securely handle navigations away from the document that is showing the dialog to avoid spoofing attacks. We never want the Payment Request dialog to be showing for an origin that differs from the top-level origin as users may be confused.
Updated•7 years ago
|
Priority: P3 → P2
Whiteboard: [webpayments]
Updated•7 years ago
|
Priority: P2 → P3
Whiteboard: [webpayments] → [webpayments-reserve]
Updated•7 years ago
|
Product: Toolkit → Firefox
Reporter | ||
Comment 1•6 years ago
|
||
Eden, did you considered the first 3 cases in the User Story when implementing bug 1483470? Case 4 is front-end-only.
Flags: needinfo?(echuang)
Comment 2•6 years ago
|
||
Matt, Yes, basically these cases are considered. But I cannot sure if there is any corner case or not.
Flags: needinfo?(echuang)
Updated•6 years ago
|
Flags: qe-verify?
Priority: P3 → P2
Whiteboard: [webpayments-reserve] → [webpayments]
Updated•6 years ago
|
Flags: qe-verify? → qe-verify+
QA Contact: hani.yacoub
Updated•6 years ago
|
Priority: P2 → P3
Whiteboard: [webpayments] → [webpayments-reserve]
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•