Closed
Bug 372805
Opened 18 years ago
Closed 18 years ago
Support MSIE security="restricted" frame/iframe attribute to restrict control of scripts in child frames over parent frames
Categories
(Core :: Security, enhancement)
Core
Security
Tracking
()
RESOLVED
DUPLICATE
of bug 341604
People
(Reporter: ian, Assigned: dveditz)
References
()
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.2) Gecko/20070219 Firefox/2.0.0.2
Build Identifier:
It would be extremely helpful for web developers to be able to restrict control of sub-frames within a document over the document itself, to enable frames (in particular, iframes) to be loaded safely within a page. For example, to disable frame-breaking scripts.
Microsoft have created an implementation of this in the form of the security="restricted" attribute which is added to frames. For consistency, it may be an idea to keep to this implementation as much as possible (although I realise that we don't support the equivalent of Microsoft's zones). See URL for Microsoft's spec on this.
An example of real world usage of IE's implementation is Yahoo! Images.
This bug could be considered to be related to (a very specific subset of) bug 361915, in particular this proposal by Gerv: http://www.gerv.net/security/content-restrictions/.
Reproducible: Always
|
Reporter | |
Updated•18 years ago
|
Summary: Support MSIE security="restricted" frame/iframe attribute to control by restrict scripts in child frames over parent frames → Support MSIE security="restricted" frame/iframe attribute to restrict control of scripts in child frames over parent frames
|
||
Updated•18 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 18 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•