User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8a2) Gecko/20040630 Build Identifier: Firefox 0.9.1 Release Build (Win-2K) Feedback is required when "cross site link open to frame" is denied by docshell.frameloadcheck.disabled=false. I think "no feedback about denial" will probably produce tons of bugs such as Bug 247070 in near future, although information on the new feature is written in Known Issues section of Release Notes. Possible "Feedback" is ; (A) Status bar message when link is clicked or mouseover. (B) Permission/denial dialog when link is clicked. UI to enable/disable this dialog is also required. (B) is better(probably IE does), but I think (A) is sufficient. Reproducible: Always Steps to Reproduce:
Note: Inhibiting of opening of cross site link to frame is introduced by security Bug 246448. > Bug 246448 : can spoof framed sites by changing frame contents I found Bug 249751 which is <iframe> case after fix of Bug 246448.
*** Bug 251804 has been marked as a duplicate of this bug. ***
I don't believe docshell.frameloadcheck.disabled is a recognized pref anymore...WADA, is this bug still valid?
(In reply to Mike Conley (:mconley) from comment #3) > I don't believe docshell.frameloadcheck.disabled is a recognized pref anymore... I can't find docshell.frameloadcheck.disabled(no source contains "frameloadcheck" in MXR), but can see security.checkloaduri etc. I don't think bug for old behaviour based on already removed setting & changed code is useful. Closing as WOKSFORME, because security related features are re-written and perhaps are already improved very much. WADA, is this bug still valid?