Closed Bug 1596382 Opened 1 year ago Closed 1 year ago

[wpt-sync] Sync PR 20250 - Prevent sandboxed frames from navigating to `javascript:`.

Categories

(Core :: DOM: Core & HTML, task, P4)

task

Tracking

()

RESOLVED FIXED
mozilla72
Tracking Status
firefox72 --- fixed

People

(Reporter: mozilla.org, Unassigned)

References

()

Details

(Whiteboard: [wptsync downstream])

Sync web-platform-tests PR 20250 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/20250
Details from upstream follow.

Mike West <mkwst@chromium.org> wrote:

Prevent sandboxed frames from navigating to javascript:.

Frames with the allow-popup and allow-popup-to-escape-sandbox flags
can cause JavaScript execution in their origin by navigating to a
javascript: URL via target=_blank or similar. This is technically
correct, but surprising.

https://github.com/whatwg/html/pull/5083 aims to tighten that check to
match developers' expectations that javascript: URLs controlled by a
page that's been sandboxed away from script will not execute.

Bug: 1014371
Change-Id: I3b5fa676e73cbf78485b85ce2593284bce2e68cc
Reviewed-on: https://chromium-review.googlesource.com/1916467
WPT-Export-Revision: 61f75fdd50914553f2f5b43af98f1330708aaec6

Component: web-platform-tests → DOM: Core & HTML
Product: Testing → Core
Pushed by wptsync@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/5379811f4fed
[wpt PR 20250] - Prevent sandboxed frames from navigating to `javascript:`., a=testonly
https://hg.mozilla.org/integration/autoland/rev/60d24475b40f
[wpt PR 20250] - Update wpt metadata, a=testonly
Test result changes from PR not available.
Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla72
You need to log in before you can comment on or make changes to this bug.