Closed Bug 1727251 Opened 3 years ago Closed 3 years ago

Restrict systemprincipal from loading type *SUBDOCUMENT* via data URLs

Categories

(Core :: DOM: Security, enhancement, P3)

Product:
Core
Component:
DOM: Security
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
94 Branch
Tracking Flags:
Tracking Status
firefox94 --- fixed

People

(Reporter: freddy, Assigned: freddy)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-active])

Attachments

(1 file)

WIP: Bug 1727251 - Cancel system principal subdocument requests with data URL r?ckerschb
48 bytes, text/x-phabricator-request
Details | Review

This is a follow-up of bug 1725339, in which we only restricted HTTP/HTTPS.
The aforementioned bug created code and a pref to also restrict data URLs but that was conservatively landed as disabled.

This bug is about enabling that pref.

Severity: -- → N/A
Priority: -- → P3
Whiteboard: [domsecurity-active]
Pushed by fbraun@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/7518e48eae57
WIP: Bug 1727251 - Cancel system principal subdocument requests with data URL r=dveditz

https://hg.mozilla.org/mozilla-central/rev/7518e48eae57

Status: ASSIGNED → RESOLVED
Closed: 3 years ago
status-firefox94: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 94 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: