Closed
Bug 249603
Opened 20 years ago
Closed 11 years ago
Feedback is required when "cross site link open to frame" is denied by docshell.frameloadcheck.disabled=false
Categories
(Firefox :: General, enhancement)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: World, Unassigned)
References
(Depends on 1 open bug)
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8a2) Gecko/20040630 Build Identifier: Firefox 0.9.1 Release Build (Win-2K) Feedback is required when "cross site link open to frame" is denied by docshell.frameloadcheck.disabled=false. I think "no feedback about denial" will probably produce tons of bugs such as Bug 247070 in near future, although information on the new feature is written in Known Issues section of Release Notes. Possible "Feedback" is ; (A) Status bar message when link is clicked or mouseover. (B) Permission/denial dialog when link is clicked. UI to enable/disable this dialog is also required. (B) is better(probably IE does), but I think (A) is sufficient. Reproducible: Always Steps to Reproduce:
Updated•20 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
Reporter | ||
Comment 1•20 years ago
|
||
Note: Inhibiting of opening of cross site link to frame is introduced by security Bug 246448. > Bug 246448 : can spoof framed sites by changing frame contents I found Bug 249751 which is <iframe> case after fix of Bug 246448.
Comment 2•18 years ago
|
||
*** Bug 251804 has been marked as a duplicate of this bug. ***
Updated•18 years ago
|
Assignee: bross2 → nobody
Comment 3•11 years ago
|
||
I don't believe docshell.frameloadcheck.disabled is a recognized pref anymore...WADA, is this bug still valid?
Flags: needinfo?(m-wada)
Reporter | ||
Comment 4•11 years ago
|
||
(In reply to Mike Conley (:mconley) from comment #3) > I don't believe docshell.frameloadcheck.disabled is a recognized pref anymore... I can't find docshell.frameloadcheck.disabled(no source contains "frameloadcheck" in MXR), but can see security.checkloaduri etc. I don't think bug for old behaviour based on already removed setting & changed code is useful. Closing as WOKSFORME, because security related features are re-written and perhaps are already improved very much. WADA, is this bug still valid?
Status: NEW → RESOLVED
Closed: 11 years ago
Flags: needinfo?(m-wada)
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•