Open Bug 2001668 Opened 2 months ago Updated 2 months ago

Make framebusting pref independent of pop-up blocking

Categories

(Core :: DOM: Security, task)

Product:
Core
Component:
DOM: Security
Type:
task

Tracking

()

Status:
ASSIGNED

People

(Reporter: maltejur, Assigned: maltejur)

References

(Blocks 1 open bug)

Details

Attachments

(5 files)

Bug 2001668 - Make framebusting pref independent of pop-up blocking r?mdauer!
48 bytes, text/x-phabricator-request
Details | Review
Bug 2001668 - Adjust settings UI to control both pop-up and framebusting prefs r?mdauer!,#preferences-reviewers
48 bytes, text/x-phabricator-request
Details | Review
Bug 2001668 - Adjust "popup" permission to handle separate pop-up and framebusting prefs r?#permissions-reviewers
48 bytes, text/x-phabricator-request
Details | Review
Bug 2001668 - Set framebusting pref with PopupBlocking enterprise policy r?mkaply
48 bytes, text/x-phabricator-request
Details | Review
Bug 2001668 - Fix tests broken by enabling framebusting protection in test builds r?mdauer!
48 bytes, text/x-phabricator-request
Details | Review

To address Bug 2003033, we should consider allowing the framebusting prevention to be enabled by dom.security.framebusting_intervention.enabled independently of pop-up blocking is disabled by dom.disable_open_during_load. The combined permission for pop-up blocking and preventing framebusting could be kept as it is right now. This would require slight UI adjustments in the settings.

Assignee: nobody → maltejur
Status: NEW → ASSIGNED
Blocks: 2003033
Attachment #9528402 - Attachment description: WIP: Bug 2001668 - Make framebusting pref independent of pop-up blocking r?mdauer! → Bug 2001668 - Make framebusting pref independent of pop-up blocking r?mdauer!

In the Privacy & Security settings pane, have the "Block pop-ups and third-party
redirects" checkbox control both "dom.disable_open_during_load" and
"dom.security.framebusting_intervention.enabled", instead of previously just
"dom.disable_open_during_load". The checkbox will be in an unchecked state if
only one of the prefs is set. This state will only be reached in case one of the
prefs is manually changed through "about:config" or similar.

Attachment #9529800 - Attachment description: Bug 2001668 - Adjust settings UI to control both pop-up and framebusting prefs r?mdauer! → Bug 2001668 - Adjust settings UI to control both pop-up and framebusting prefs r?mdauer!,#preferences-reviewers

Update the SitePermission configuration for the popup permission, now that it
can also be used in configurations where either pop-up blocking or the
framebusting protection can be disabled. This includes using different labels if
only one of the prefs is enabled.

The framebusting protection now no longer gets disabled when
dom.disable_open_during_load gets disabled. The option in the settings UI still
controls both pop-up blocking and the framebusting protection at the same time,
and the "popup" permission is also still shared, so the PopupBlocking policy
should control both prefs.

You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: