Closed Bug 249603 Opened 20 years ago Closed 11 years ago

Feedback is required when "cross site link open to frame" is denied by docshell.frameloadcheck.disabled=false

Categories

(Firefox :: General, enhancement)

x86
Windows 2000
enhancement
Not set
normal

Tracking

()

RESOLVED WORKSFORME

People

(Reporter: World, Unassigned)

References

(Depends on 1 open bug)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8a2) Gecko/20040630
Build Identifier: Firefox 0.9.1 Release Build (Win-2K)

Feedback is required when "cross site link open to frame" is denied by
docshell.frameloadcheck.disabled=false.
I think "no feedback about denial" will probably produce tons of bugs such as
Bug 247070 in near future, although information on the new feature is written in
Known Issues section of Release Notes.

Possible "Feedback" is ;
(A) Status bar message when link is clicked or mouseover.
(B) Permission/denial dialog when link is clicked.
    UI to enable/disable this dialog is also required.

(B) is better(probably IE does), but I think (A) is sufficient.


Reproducible: Always
Steps to Reproduce:
Status: UNCONFIRMED → NEW
Ever confirmed: true
Note: Inhibiting of opening of cross site link to frame is introduced by
security Bug 246448.
> Bug 246448 : can spoof framed sites by changing frame contents

I found Bug 249751 which is <iframe> case after fix of Bug 246448. 
*** Bug 251804 has been marked as a duplicate of this bug. ***
Assignee: bross2 → nobody
Depends on: 84128
I don't believe docshell.frameloadcheck.disabled is a recognized pref anymore...WADA, is this bug still valid?
Flags: needinfo?(m-wada)
(In reply to Mike Conley (:mconley) from comment #3)
> I don't believe docshell.frameloadcheck.disabled is a recognized pref anymore...

I can't find docshell.frameloadcheck.disabled(no source contains "frameloadcheck" in MXR), but can see security.checkloaduri etc.

I don't think bug for old behaviour based on already removed setting & changed code is useful. Closing as WOKSFORME, because security related features are re-written and perhaps are already improved very much. 



WADA, is this bug still valid?
Status: NEW → RESOLVED
Closed: 11 years ago
Flags: needinfo?(m-wada)
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.