Closed
Bug 1447654
Opened 7 years ago
Closed 7 years ago
Prevent framing the JSON viewer
Categories
(DevTools :: JSON Viewer, enhancement, P3)
DevTools
JSON Viewer
Tracking
(firefox61 affected)
RESOLVED
DUPLICATE
of bug 1384572
| Tracking | Status | |
|---|---|---|
| firefox61 | --- | affected |
People
(Reporter: Gijs, Unassigned)
Details
Similar to bug 1445106, I think we should make the JSON viewer not do anything if opened in a frame, to help prevent clickjacking and similar attacks.
|
||
Updated•7 years ago
|
Priority: -- → P3
JSON Viewer today is only used for top-level loads:
https://searchfox.org/mozilla-central/rev/b29daa46443b30612415c35be0a3c9c13b9dc5f6/devtools/client/jsonview/converter-observer.js#71
Is this what you mean, or do you have a different protection is mind?
Flags: needinfo?(gijskruitbosch+bugs)
|
Reporter | |
Comment 2•7 years ago
|
||
Ah, I'd missed that this was fixed separately, thanks for pointing it out.
Status: NEW → RESOLVED
Closed: 7 years ago
Flags: needinfo?(gijskruitbosch+bugs)
Resolution: --- → DUPLICATE
|
||
Updated•7 years ago
|
Product: Firefox → DevTools
You need to log in
before you can comment on or make changes to this bug.
Description
•