Enable sandbox="allow-downloads"
Categories
(Core :: DOM: Security, enhancement, P2)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox82 | --- | fixed |
People
(Reporter: sstreich, Assigned: sstreich)
References
(Blocks 1 open bug)
Details
(Keywords: dev-doc-complete, Whiteboard: [domsecurity-active])
Attachments
(1 file)
Currently we do have the sandbox flag "allow-downloads" implemented, but the corresponding pref is only enabled for nightly users.
The current implementation passes the wpt tests and matches chrome current behaviour. Chrome/Edge already shipped this flag - so i would like to flip the pref on by default and let it ride the trains.
|
Assignee | |
Updated•3 years ago
|
|
|
Assignee | |
Comment 1•3 years ago
|
||
|
||
Updated•3 years ago
|
|
||
Comment 2•3 years ago
|
||
Unable to land this due to:
Reason:
We're sorry, Lando could not rebase your commits for you automatically. Please manually rebase your commits and try again.
hg error in cmd: hg import --no-commit -s 95 /tmp/tmpm8cppcyg: applying /tmp/tmpm8cppcyg
patching file modules/libpref/init/StaticPrefList.yaml
Hunk #1 FAILED at 1522
1 out of 1 hunks FAILED -- saving rejects to file modules/libpref/init/StaticPrefList.yaml.rej
abort: patch failed to apply
Pushed by nerli@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/59fa8588ebc6 Flip dom.block_download_in_sandboxed_iframes to true r=ckerschb,lonnen
|
||
Comment 5•3 years ago
|
||
| bugherder | ||
|
||
Updated•3 years ago
|
|
|
||
Comment 6•3 years ago
|
||
I've updated BCD and checked that the iframe page is correct.
Description
•