Closed Bug 372805 Opened 13 years ago Closed 13 years ago

Support MSIE security="restricted" frame/iframe attribute to restrict control of scripts in child frames over parent frames

Categories

(Core :: Security, enhancement)

enhancement
Not set

Tracking

()

RESOLVED DUPLICATE of bug 341604

People

(Reporter: ian, Assigned: dveditz)

References

()

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.2) Gecko/20070219 Firefox/2.0.0.2
Build Identifier: 

It would be extremely helpful for web developers to be able to restrict control of sub-frames within a document over the document itself, to enable frames (in particular, iframes) to be loaded safely within a page. For example, to disable frame-breaking scripts.

Microsoft have created an implementation of this in the form of the security="restricted" attribute which is added to frames. For consistency, it may be an idea to keep to this implementation as much as possible (although I realise that we don't support the equivalent of Microsoft's zones). See URL for Microsoft's spec on this.

An example of real world usage of IE's implementation is Yahoo! Images.

This bug could be considered to be related to (a very specific subset of) bug 361915, in particular this proposal by Gerv: http://www.gerv.net/security/content-restrictions/.

Reproducible: Always
Summary: Support MSIE security="restricted" frame/iframe attribute to control by restrict scripts in child frames over parent frames → Support MSIE security="restricted" frame/iframe attribute to restrict control of scripts in child frames over parent frames
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: framesandbox
You need to log in before you can comment on or make changes to this bug.