C-C mochitest warning. - An iframe which has both allow-top-navigation and allow-top-navigation-by-user-activation for its sandbox attribute will permit top navigations
Categories
(Thunderbird :: General, enhancement)
Tracking
(thunderbird_esr78 unaffected, thunderbird89 wontfix)
| Tracking | Status | |
|---|---|---|
| thunderbird_esr78 | --- | unaffected |
| thunderbird89 | --- | wontfix |
People
(Reporter: ishikawa, Assigned: mkmelin)
Details
Attachments
(1 file)
Between last weekend and this weekend, something has changed, and I got a lot of warning regarding "An iframe which ..." in my local mochitest.
Here is the top 10 list of warnings in my local log.
Someone in the know ought to check whether the particular warning can be safely ignored or something needs to be done.
The number at the beginning of the warning is the number of occurrences.
The warning seems to suggest there is a security implication.
236: INFO Console message: [JavaScript Warning: "An iframe which has both allow-top-navigation and allow-top-navigation-by-user-activation for its sandbox attribute will permit top navigations." {file: "about:blank" line: 0}]
154: INFO Console message: [JavaScript Warning: "OverrideError: An entry font-size-label of type message is already defined in this bundle"]
31: INFO Console message: [JavaScript Warning: "An iframe which has both allow-top-navigation and allow-top-navigation-by-user-activation for its sandbox attribute will permit top navigations." {file: "mailbox:///COMM-CENTRAL/TMP-DIR/tmpoyNby_.mozrunner/Mail/Local%20Folders/FolderPaneVisibility?number=1" line: 0}]
31: INFO Console message: [JavaScript Warning: "An iframe which has both allow-top-navigation and allow-top-navigation-by-user-activation for its sandbox attribute will permit top navigations." {file: "mailbox:///COMM-CENTRAL/TMP-DIR/tmplT3ECk.mozrunner/Mail/Local%20Folders/test?number=1" line: 0}]
25: INFO Console message: [JavaScript Warning: "An iframe which has both allow-top-navigation and allow-top-navigation-by-user-activation for its sandbox attribute will permit top navigations." {file: "mailbox:///COMM-CENTRAL/TMP-DIR/tmpoyNby_.mozrunner/Mail/Local%20Folders/MessagePaneVisibility?number=1" line: 0}]
22: INFO Console message: [JavaScript Warning: "WebGL context was lost." {file: "resource://gre/modules/Troubleshoot.jsm" line: 628}]
17: INFO Console message: [JavaScript Error: "NS_ERROR_FAILURE: Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIMsgMessageService.messageURIToMsgHdr]" {file: "chrome://openpgp/content/ui/enigmailMsgComposeOverlay.js" line: 473}]
15: INFO Console message: [JavaScript Error: "[Exception... "Component returned failure code: 0x80070057 (NS_ERROR_ILLEGAL_VALUE) [nsIObserverService.removeObserver]" nsresult: "0x80070057 (NS_ERROR_ILLEGAL_VALUE)" location: "JS frame :: resource:///modules/MailInstrumentation.jsm :: uninit :: line 243" data: no]"]
13: INFO Console message: [JavaScript Warning: "An iframe which has both allow-top-navigation and allow-top-navigation-by-user-activation for its sandbox attribute will permit top navigations." {file: "mailbox:///COMM-CENTRAL/TMP-DIR/tmpoyNby_.mozrunner/Mail/Local%20Folders/DeletionD?number=5" line: 0}]
11: INFO Console message: [JavaScript Warning: "An iframe which has both allow-top-navigation and allow-top-navigation-by-user-activation for its sandbox attribute will permit top navigations." {file: "mailbox:///COMM-CENTRAL/TMP-DIR/tmpoyNby_.mozrunner/Mail/Local%20Folders/SummarizationA?number=1" line: 0}]
Strange thing is that I don't see the warning in tryserver. Maybe the particular warning has landed very lately. Maybe Saturday night (Japan Standard Time)?
https://searchfox.org/mozilla-central/source/dom/locales/en-US/chrome/security/security.properties#51
(It seems so The patch was dated June 1.)
|
Reporter | |
Comment 1•4 years ago
|
||
I hasten to add that there are more than 1100 such warnings in total.
|
|
Reporter | |
Comment 2•4 years ago
•
|
||
Reading the bug 1359867 obviously makes me conclude that we need to carefully analyze the implication for
web page access from within TB.
( Bug 1359867
Add attribute allow-top-navigation-by-user-activation to iframe sandbox
introduced the check and the functions behind it.)
But I am not familiar with
- how the access of various elements in an HTML mail is done, or
- how access in a built-in(?) web page such as the introduction to TB web page shown at the startup is handled.
So someone in the know needs to take a look at this.
|
||
Comment 3•4 years ago
|
||
My guess is dropping allow-top-navigation for the frame is all that is needed here.
|
Assignee | |
Comment 4•4 years ago
|
||
These warnings are triggered for all message navigations.
We're not using an <iframe> but this is a <browser>: https://searchfox.org/comm-central/rev/24e4f93abd4e5292af44f0545ee44feea74cb448/mail/base/content/messenger.xhtml#769
Probably the warning should make sure it's an iframe, and not something else... https://searchfox.org/mozilla-central/rev/6cc48251bb97600fdf11a5b4c5f621bfc8606d55/dom/base/Document.cpp#2996
|
|
Assignee | |
Comment 5•3 years ago
|
||
This was causing the "An iframe which has both allow-top-navigation and allow-top-navigation-by-user-activation for its sandbox attribute will permit top navigations." warnings for each mailnews url loaded because SANDBOX_FORMS only was set, while the normal assumption for sandboxes is that if set, sandboxing starts off with all things disabled, with individual flags allowing more.
|
||
Updated•3 years ago
|
Pushed by mkmelin@iki.fi:
https://hg.mozilla.org/comm-central/rev/e3fcb3cfd2ac
make mailnews urls use better sandboxing. r=darktrojan
|
|
Assignee | |
Updated•3 years ago
|
Description
•