Closed
Bug 1446980
Opened 7 years ago
Closed 1 year ago
[wpt-sync] Sync PR 9870 - Remove browsing context name on cross origin navigation
Categories
(Core :: DOM: Core & HTML, enhancement, P3)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
FIXED
People
(Reporter: wpt-sync, Unassigned)
References
()
Details
(Whiteboard: [wptsync downstream])
Sync web-platform-tests PR 9870 into mozilla-central (this bug is closed when the sync is complete).
PR: https://github.com/w3c/web-platform-tests/pull/9870
Details from upstream follow.
Andy Paicu <andypaicu@chromium.org> wrote:
> Remove browsing context name on cross origin navigation
>
> When updating the history after a cross-origin navigation, the HTML
> Standard says: "If the browsing context is a top-level browsing context,
> but not an auxiliary browsing context, then set the browsing context's
> name to the empty string."
>
> Currently we are not doing this which means there's potential
> information leak.
>
> Spec: https://html.spec.whatwg.org/multipage/browsers.html#resetBCName
> I2S: https://groups.google.com/a/chromium.org/d/msg/blink-dev/fhUIycdlINU/RLVEOKaNAwAJ
> Webkit change: https://trac.webkit.org/changeset/209076/webkit
>
> Fixed a bug where <webview>'s with a name attribute specified lost the name
> because they don't have an owner or opener but they have a name
> attribute, webviews where losing the name on the initial navigation
> commit.
>
> This is a resubmit of https://chromium.googlesource.com/chromium/src.git/+/57e5929e121f8f081a80a2faaf68b00552cf7e72
> which had to get reverted because of this issue.
>
> Bug: 706350
> Change-Id: Iddb7fd1659c986552c86b70a9790c5ae33f7d2ef
> Reviewed-on: https://chromium-review.googlesource.com/778160
> WPT-Export-Revision: ac24e83d9b86ba1e86697a065221726def011dc1
>
>
>
|
Reporter | |
Updated•7 years ago
|
Component: web-platform-tests → DOM
Product: Testing → Core
|
|
Reporter | |
Comment 1•7 years ago
|
||
|
|
Reporter | |
Comment 2•7 years ago
|
||
Pushed to try (stability) https://treeherder.mozilla.org/#/jobs?repo=try&revision=0aab6828c40a13a66db2b8ac1fb350216802fbbc
|
Assignee | |
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
|
||
Updated•3 years ago
|
Severity: normal → S3
|
||
Comment 4•1 year ago
|
||
It looks that we already have the tests in-tree and pass.
Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•