Closed Bug 1685089 Opened 4 months ago Closed 4 months ago

Ship window.name resetting

Categories

(Core :: DOM: Core & HTML, task)


Tracking


RESOLVED FIXED
86 Branch
Tracking Status
firefox86 --- fixed

People

(Reporter: annevk, Assigned: timhuang)

References

(Blocks 1 open bug)

Details

(Keywords: dev-doc-complete)

Attachments

(1 file)

  1. Announce intent to ship on dev.platform.
  2. Flip privacy.window.name.update.enabled.
  3. File follow-up bug for removal of privacy.window.name.update.enabled once it's been flipped for a couple of releases.

About 1,

We have sent out the intent to ship before. See https://groups.google.com/g/mozilla.dev.platform/c/Tu3uXFg5xV0/m/FDNYXZTzBAAJ

While I was doing some Fission work I realized that there seems to be an issue in the name resetting implementation even without Fission.
Filing a bug with a testcase in a moment.

Depends on: 1685807
Severity: -- → S3
Depends on: 1687390
Depends on: 1687527
Pushed by tihuang@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/239b7092db35
Enable window.name resetting. r=dimi

Exciting, great work Tim!

Status: NEW → RESOLVED
Closed: 4 months ago
Resolution: --- → FIXED
Target Milestone: --- → 86 Branch

Rumyra has documented this one; see https://github.com/mdn/content/issues/1730 for details. Basically it was already documented; we just needed to update the compat data and provide a rel note to make it clear that this is now shipped.

Let us know if you think this needs anything else. Thanks!

I want to bring to attention that this change broke protractor (automated testing tool) with angular.js. See https://github.com/angular/angular.js/issues/17117 for details.
Short story: window.name is used as a signaling "channel" for the external testing code, to indicate the page JS has initialised.

Maybe it could be nice to keep the pref around, or make FirefoxDriver not reset window.name at all?

Chris, thanks for highlighting that. Could you file a new bug against FirefoxDriver/DevTools so we can consider that and your suggestion does not get lost? (And maybe link it from here afterwards in case others are curious.)

Regressions: 1700931

Anne, thanks for the suggestion. I've filed #1700931 but cannot find the proper component for FirefoxDriver. Maybe you could fix that bug's metadata? Thanks!

Thank you for your work on limiting window.name leaks. However, the current implementation leaves wide open all leaks that occur after window.open is used, even if the call to window.open does not specify a window name, for example:

  1. site-1.com calls window.open('https://site-2.com/')
  2. site-2.com specifies window.name='blahblah'
  3. user enters 'https://site-3.com/' in the location bar
  4. site-3.com calls alert(window.name), which will show 'blahblah' that was set by site-2.com
Flags: needinfo?(tihuang)

That's correct and out-of-scope of this bug. We track that general class of problems in bug 1657250.

Flags: needinfo?(tihuang)
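
The four-step scenario reported above, replayed against a simplified model, as an added example that is not part of the bug thread or of Firefox's code. `siteOf`, `TopLevelContext`, `nameSeenAfter` and `clearNameOnExit` are hypothetical names; the model assumes the name is cleared only on a cross-site navigation of a top-level context that has no opener, and it uses the hostname as a stand-in for the site.

```javascript
// Simplified model (an assumption for illustration, not Firefox source):
// a top-level browsing context clears its name on a cross-site navigation
// only when it has no opener.

// Assumption: the hostname stands in for the "site". A real browser compares
// registrable domains (eTLD+1) using the Public Suffix List.
function siteOf(url) {
  return new URL(url).hostname;
}

class TopLevelContext {
  constructor({ hasOpener = false } = {}) {
    this.hasOpener = hasOpener; // true when created by window.open() with an opener
    this.site = null;           // site of the currently loaded document
    this.name = "";             // what scripts read as window.name
  }

  // Navigate and return the window.name that the newly loaded page observes.
  navigate(url) {
    const next = siteOf(url);
    const crossSite = this.site !== null && next !== this.site;
    if (crossSite && !this.hasOpener) this.name = "";
    this.site = next;
    return this.name;
  }
}

// Replays "load first, first sets window.name, user navigates to second" and
// returns the value the second site can read.
function nameSeenAfter(ctx, first, valueSetByFirst, second) {
  ctx.navigate(first);
  ctx.name = valueSetByFirst;
  return ctx.navigate(second);
}

// Page-side mitigation that does not rely on the browser's reset: a page that
// stores anything in window.name clears it when the document is left.
function clearNameOnExit(win) {
  win.addEventListener("pagehide", () => { win.name = ""; });
}
```

In this model an ordinary tab that goes from site-2.com to site-3.com exposes an empty name, while a context opened by site-1.com through window.open still exposes 'blahblah', which is the gap the comment describes.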