Closed
Bug 1942991
Opened 9 months ago
Closed 9 months ago
Block inline event handlers from browser.xhtml in Early Beta
Categories
(Core :: DOM: Security, task, P2)
Core
DOM: Security
Tracking
()
RESOLVED
FIXED
136 Branch
| Tracking | Status | |
|---|---|---|
| firefox136 | --- | fixed |
People
(Reporter: tschuster, Assigned: tschuster)
References
(Blocks 1 open bug)
Details
(Whiteboard: [domsecurity-active])
Attachments
(1 file)
We only started blocking inline event handlers during this nightly cycle, so for good measure I suggest we wait until 137.
|
Assignee | |
Updated•9 months ago
|
Assignee: nobody → tschuster
|
|
Assignee | |
Comment 1•9 months ago
|
||
Soft freeze is pretty late this cycle, so I think it's probably fine to enable this in early beta (definitely not release). This should give us much more data. So far I haven't found any new instances of our own code using inline event handlers besides bug 1940921.
|
|
Assignee | |
Comment 2•9 months ago
|
||
Pushed by tschuster@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/9c7ccd285191
Block inline event handlers from browser.xhtml in Early Beta. r=freddyb,firefox-desktop-core-reviewers ,mconley
|
||
Updated•9 months ago
|
Severity: -- → N/A
Priority: -- → P2
Whiteboard: [domsecurity-active]
|
||
Comment 4•9 months ago
|
||
| bugherder | ||
Status: NEW → RESOLVED
Closed: 9 months ago
status-firefox136:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 136 Branch
You need to log in
before you can comment on or make changes to this bug.
Description
•