Closed Bug 1634262 Opened 10 months ago Closed 6 months ago

Refuse nested `Document.execCommand()` calls by default in release builds

Categories

(Core :: DOM: Core & HTML, enhancement, P3)

Tracking

RESOLVED FIXED
82 Branch
Tracking Status
firefox82 --- fixed

People

(Reporter: masayuki, Assigned: masayuki)

References

(Blocks 1 open bug)

Details

(Keywords: dev-doc-needed, parity-chrome, site-compat)

Attachments

(1 file)

Currently, we don't have any regression reports for bug 1611374, and we should change it in the release channel as soon as possible, but unfortunately, we shouldn't make this kind of change under the COVID-19 situation.

Keywords: site-compat
Severity: -- → S3

We've reviewed this with the Web Compatibility team and think it is low risk to remove this from Firefox Release at this point.

It was disabled in the Nightly channel and early Beta half a year ago, but there
are no regression reports and Chrome has had it disabled since 2014.
So, let's disable this feature on the Release channel (and late Beta) too
for better security and to make the implementation simpler in the future.

Depends on D87990

Pushed by masayuki@d-toybox.com:
https://hg.mozilla.org/integration/autoland/rev/f725948fa93a
Disallow recursive `Document.execCommand()` calls r=smaug
Created web-platform-tests PR https://github.com/web-platform-tests/wpt/pull/25245 for changes under testing/web-platform/tests
Status: NEW → RESOLVED
Closed: 6 months ago
Resolution: --- → FIXED
Target Milestone: --- → 82 Branch
Upstream PR merged by moz-wptsync-bot