Closed
Bug 1727251
Opened 3 years ago
Closed 3 years ago
Restrict systemprincipal from loading type *SUBDOCUMENT* via data URLs
Categories
(Core :: DOM: Security, enhancement, P3)
Core
DOM: Security
Tracking
()
RESOLVED
FIXED
94 Branch
Tracking | Status | |
---|---|---|
firefox94 | --- | fixed |
People
(Reporter: freddy, Assigned: freddy)
References
(Blocks 1 open bug)
Details
(Whiteboard: [domsecurity-active])
Attachments
(1 file)
This is a follow-up of bug 1725339, in which we only restricted HTTP/HTTPS.
The aforementioned bug created code and a pref to also restrict data
URLs but that was conservatively landed as disabled.
This bug is about enabling that pref.
Assignee | ||
Comment 1•3 years ago
|
||
Updated•3 years ago
|
Severity: -- → N/A
Priority: -- → P3
Whiteboard: [domsecurity-active]
Pushed by fbraun@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/7518e48eae57 WIP: Bug 1727251 - Cancel system principal subdocument requests with data URL r=dveditz
Comment 3•3 years ago
|
||
bugherder |
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
status-firefox94:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 94 Branch
You need to log in
before you can comment on or make changes to this bug.
Description
•