Open Bug 1914347 Opened 1 year ago Updated 1 year ago

Show error/warnings in Console for window.open calls blocked by iframe sandbox

Categories

(Core :: Window Management, enhancement)

People

(Reporter: jdescottes, Unassigned)

Details

Overall we lack helpful warnings/errors for issues related to iframe sandbox.
The example below illustrates what happens for an iframe with sandbox="allow-scripts" which contains a script which tries to call window.open. The call will fail due to the missing "allow-popups" permission but this is not surfaced in our devtools.

Similar issues happen for other permissions, e.g. if you don't have "allow-scripts" and try to run any JS.

STRs:

AR: Nothing happens, and there is a cryptic error in the console:

Uncaught DOMException: A parameter or an operation is not supported by the underlying object

ER: We should have a helpful message hinting at the fact that the operation failed because the "allow-popups" permission is not set. For instance Chrome shows:

Blocked opening '' in a new window because the request was made in a sandboxed frame whose 'allow-popups' permission is not set.

Should check where the DOM exception comes from and see if we can have a better one

Flags: needinfo?(jdescottes)

I think this specific error comes from https://searchfox.org/mozilla-central/rev/45d6f8bf028e049f812aa26dced565d50068af5d/toolkit/components/windowwatcher/nsWindowWatcher.cpp#768-773

// Do sandbox checks here, instead of waiting until nsIDocShell::LoadURI.
// The state of the window can change before this call and if we are blocked
// because of sandboxing, we wouldn't want that to happen.
if (parentBC && parentBC->IsSandboxedFrom(targetBC)) {
  return NS_ERROR_DOM_INVALID_ACCESS_ERR;
}

Moving to Core, do you think it would be possible to have a better error message here, mentioning the sandboxing issue?

Sidenote: for other sandboxing issues (e.g. scripts not running when allow-scripts is missing), we have no error message at the moment. So we should probably handle that in a different bug.

Component: Console → Window Management
Flags: needinfo?(jdescottes)
Product: DevTools → Core
Summary: Show error/warnings in Console for iframe sandbox errors → Show error/warnings in Console for window.open calls blocked by iframe sandbox
Type: defect → enhancement
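
Added example, not part of the bug report and not Firefox or DevTools code: a page-side helper that turns the two failure shapes of a sandbox-blocked window.open (a thrown DOMException, or a null return) into an explicit hint, plus an embedder-side check of a sandbox attribute value. The function names, the result fields and the stub window are assumptions made for illustration; "InvalidAccessError" is assumed to be the DOMException name behind the message quoted in the report.

```javascript
// Added example. All names here are hypothetical, chosen for illustration.

// Call win.open and explain a sandbox-related failure instead of surfacing
// only the generic exception text or a silent null.
function openOrExplain(win, url, target = "_blank") {
  let handle;
  try {
    handle = win.open(url, target);
  } catch (err) {
    // Assumption: the cryptic error in the report carries this DOMException name.
    if (err && err.name === "InvalidAccessError") {
      return {
        opened: false,
        reason: "sandbox",
        hint: "window.open threw InvalidAccessError; if this frame is sandboxed, " +
              "check that its sandbox attribute includes allow-popups.",
      };
    }
    throw err; // unrelated failure: do not mask it
  }
  if (handle === null) {
    // A null return is ambiguous: a popup blocker produces it as well.
    return {
      opened: false,
      reason: "blocked",
      hint: "window.open returned null: popup blocker, or a sandboxed frame " +
            "without allow-popups.",
    };
  }
  return { opened: true, handle };
}

// Sandbox attribute values are whitespace-separated, case-insensitive tokens.
function sandboxTokens(attr) {
  return new Set(String(attr).toLowerCase().split(/[ \t\n\f\r]+/).filter(Boolean));
}

// Embedder-side check: can a script in a frame with this sandbox value open a window?
function popupVerdict(attr) {
  const tokens = sandboxTokens(attr);
  if (!tokens.has("allow-scripts")) return "scripts-blocked"; // script never runs
  if (!tokens.has("allow-popups")) return "popups-blocked";   // the case in this bug
  return "popups-allowed";
}

// Constructed stub standing in for a sandboxed frame's window object.
const sandboxedStub = {
  open() { throw Object.assign(new Error("not supported"), { name: "InvalidAccessError" }); },
};
console.log(openOrExplain(sandboxedStub, "about:blank").hint);
console.log(popupVerdict("allow-scripts"));
```
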