Open Bug 1887856 Opened 2 years ago

Capability delegation: Check target doc's feature policy cross-process in source doc

Categories: Core :: DOM: Core & HTML, defect, P3

People: Reporter: vhilla, Unassigned

References: Depends on 1 open bug

Details

In Bug 1830200, capability delegation was implemented.

Step 8.2. of this monkey patch to html

If targetWindow’s associated Document is not allowed-to-use the feature indicated by delegate, then throw a "NotAllowedError" DOMException.

was skipped, as it appears to be more involved and not necessary for the feature to work. Chromium also skips this step.

Without this check, a capability can be delegated even if the target doc is not allowed to use the feature. But the target doc will also check whether it can use the feature and if not, raise an error. As user activation is handled in the content, no parent-process checks are bypassed by this. So the primary consequence of omitting this check is that the error is not raised in the source doc, but rather in the target doc.

Bug 1612147 seems to have removed some of the code for checking the feature policy cross-process. Maybe this is a good starting point for re-introducing such code. Or it might be enough to store the feature policy somewhere around window proxy and iframes instead of syncing them for all browsing contexts.
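The following is an added example, not part of the bug report and not Gecko or Chromium code: a simplified JavaScript model of the two enforcement points described above, showing that with step 8.2 skipped the feature stays unusable and only the place where the error surfaces changes. All names (`makeDoc`, `delegateCapability`, `useFeature`, `run`) are hypothetical, and the `allowed` set stands in for the result of the real allowed-to-use check.

```javascript
// Simplified model: documents are plain objects; `allowed` is an assumed
// stand-in for the outcome of the "allowed-to-use" feature policy check.
class NotAllowedError extends Error {
  constructor(message, raisedIn) {
    super(message);
    this.name = "NotAllowedError";
    this.raisedIn = raisedIn; // "source" or "target": which doc sees the error
  }
}

function makeDoc(allowed, hasUserActivation = false) {
  return { allowed: new Set(allowed), hasUserActivation, delegated: new Set() };
}

// Source side: models postMessage(message, { delegate: feature }).
function delegateCapability(source, target, feature, enforceStep82) {
  if (!source.hasUserActivation) {
    throw new NotAllowedError("source has no user activation", "source");
  }
  // Step 8.2: needs the target's policy, which may live in another process.
  if (enforceStep82 && !target.allowed.has(feature)) {
    throw new NotAllowedError(`target may not use ${feature}`, "source");
  }
  target.delegated.add(feature);
}

// Target side: the target doc's own check, performed regardless of step 8.2.
function useFeature(target, feature) {
  if (!target.allowed.has(feature)) {
    throw new NotAllowedError(`${feature} blocked by policy`, "target");
  }
  if (!target.delegated.has(feature)) {
    throw new NotAllowedError(`no delegated activation for ${feature}`, "target");
  }
  return "ok";
}

// Runs one delegation and reports "ok" or the document where it failed.
function run(targetAllowed, enforceStep82) {
  const source = makeDoc(["payment"], true); // constructed sample documents
  const target = makeDoc(targetAllowed ? ["payment"] : []);
  try {
    delegateCapability(source, target, "payment", enforceStep82);
    return useFeature(target, "payment");
  } catch (e) {
    return e.raisedIn;
  }
}

console.log(run(false, true), run(false, false), run(true, false));
```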
