Enable the blocking of external protocol URLs in iframes

RESOLVED FIXED in Firefox 67

Status

()

enhancement
P2
normal
RESOLVED FIXED
4 months ago
Last month

People

(Reporter: baku, Assigned: baku)

Tracking

({dev-doc-complete, site-compat})

Trunk
mozilla67
Points:
---

Firefox Tracking Flags

(firefox67 fixed)

Details

Attachments

(1 attachment)

Assignee

Description

4 months ago

dom.block_external_protocol_in_iframes is currently set to true only in nightly.
There are no reasons to block the shipping of this feature.

Priority: -- → P2

Comment 2

4 months ago
Pushed by amarchesini@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/bf504227f362
Enable the blocking of external protocol URLs in iframes, r=smaug

Comment 3

4 months ago
bugherder
Status: NEW → RESOLVED
Closed: 4 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla67
Component: DOM → DOM: Core & HTML

Note to MDN writers: note added to Fx67 rel notes about this: https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/67#Security

In terms of other docs, you may want to consider adding BCD about this, or writing it up in a bit more detail on the <iframe> page.

I decided to just add a BCD data point for this: https://github.com/mdn/browser-compat-data/pull/4089

I think the docs are complete.

You need to log in before you can comment on or make changes to this bug.