Open Bug 2004969 Opened 3 months ago Updated 19 days ago

Implement frame busting in the parent process

Categories

(Core :: DOM: Navigation, enhancement)

Product:
Core
Component:
DOM: Navigation
Type:
enhancement

Tracking

()

People

(Reporter: farre, Unassigned)

References

Details

Currently frame busting requires a document to be able to check sandbox flags to determine if a frame should be busted. D275586 short cuts this fact, delaying the sandbox check to the content process. (In fact any frame busting check that would be performed in the parent process and didn't early return before the sandbox checks would fail regardless of if it's same origin or not by the pure fact that there's no document available).

It should be possible though, to gather the sandbox flags from other sources than the channel of a document, possibly already in the DocumentLoadListener. In that case, we can perform this check in the parent.

If this gets done, we also need to consider if this needs to integrate with Navigation API, especially if the desired behavior is to be able to catch this similar as to how we handle regular sandbox flags

See Also: → 2017220
You need to log in before you can comment on or make changes to this bug.