Open
Bug 1595754
Opened 5 years ago
Updated 2 years ago
Restrict registerProtocolHandler (and friends) to first-party origins
Categories
(Core :: DOM: Core & HTML, defect, P3)
Core
DOM: Core & HTML
Tracking
()
NEW
People
(Reporter: annevk, Unassigned)
References
(Blocks 2 open bugs)
Details
(Keywords: dev-doc-needed)
See also https://github.com/whatwg/html/issues/4017#issuecomment-549543231. (I think first-party origin is slightly better than top-level browsing context as every frame that shares an origin with the top-level origin can call the API anyway.)
|
||
Updated•5 years ago
|
Keywords: dev-doc-needed
|
||
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•