Open Bug 1595754 Opened 5 years ago Updated 2 years ago

Restrict registerProtocolHandler (and friends) to first-party origins

Tracking

()

Status:

NEW

People

(Reporter: annevk, Unassigned)

References

(Blocks 2 open bugs)

Details

(Keywords: dev-doc-needed)

Anne (:annevk)

Reporter

Description

•

5 years ago

See also https://github.com/whatwg/html/issues/4017#issuecomment-549543231. (I think first-party origin is slightly better than top-level browsing context as every frame that shares an origin with the top-level origin can call the API anyway.)

Anne (:annevk)

Reporter

Updated

•

5 years ago

Updated

•

5 years ago

Blocks: 1056860

Chris Mills [:cmills]

Updated

•

5 years ago

Keywords: dev-doc-needed

BMO Automation

Updated

•

2 years ago

Severity: normal → S3

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Restrict registerProtocolHandler (and friends) to first-party origins

Categories

(Core :: DOM: Core & HTML, defect, P3)

Tracking

()

People

(Reporter: annevk, Unassigned)

References

(Blocks 2 open bugs)

Details

(Keywords: dev-doc-needed)

Crash Data

Security

(public)

User Story

Description

Updated

Updated

Updated

Updated