Closed Bug 1499442 Opened 1 year ago Closed 1 year ago

Preload user-interaction permission

Categories

(Core :: DOM: Security, enhancement)

enhancement
Not set

Tracking

RESOLVED FIXED
mozilla64
Tracking Status
firefox64 --- fixed

People

(Reporter: baku, Assigned: baku)

Details

(Whiteboard: [domsecurity-backlog1] [domsecurity-active])

Attachments

(1 file)

This is needed because we must check this permission before loading the document, opened via window.open().
Attached patch fix_3.patch
Attachment #9017610 - Flags: review?(ehsan)
Status: NEW → ASSIGNED
Whiteboard: [domsecurity-backlog1] [domsecurity-active]
Comment on attachment 9017610
fix_3.patch

Review of attachment 9017610:
-----------------------------------------------------------------

Got Nika's blessing on IRC, FWIW.
Attachment #9017610 - Flags: review?(ehsan) → review+
Pushed by amarchesini@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/3e2b52df8b24
Preload user-interaction permission, r=ehsan
https://hg.mozilla.org/mozilla-central/rev/3e2b52df8b24
Status: ASSIGNED → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla64
Flags: qe-verify-

There is a possible regression for this on https://www.slideshare.net/
See https://github.com/webcompat/web-bugs/issues/28184#issuecomment-487836853

I'll open a bug about it.

Flags: needinfo?(amarchesini)

slideshare.net loads a LinkedIn script which creates an iframe loading this URL:

https://www.linkedin.com/tscp-serving/dtag?sz=300x250&dc_ref=https://www.slideshare.net/&ti=1&z=slideshare&p=5&pk=slideshare_desktop_homepage_loggedout&_rx=;adsense=t;dc_ref=https://www.slideshare.net/;$DCOPT;ord=$ORD&appnexusuid=0

I don't know yet why Firefox decides to save the content instead of loading it.
Because we expose the user-interaction permission, we allow LinkedIn to load this iframe, but the problem is not in the permission propagation. The issue is in why this content is not displayed correctly. Ehsan, do you agree with this?

Flags: needinfo?(amarchesini) → needinfo?(ehsan)

I don't think this problem is related to this bug at all. The regression range was https://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=a48759a33738d8b5f4ad4659115e8bbd1e608c31&tochange=3e2b52df8b24f0faf0b1a1f7a32cd8040e53e240 which also includes bug 1492563. :-)

A description about what is causing this can be found at https://bugzilla.mozilla.org/show_bug.cgi?id=1547905#c4.

Flags: needinfo?(ehsan)