Closed Bug 477383 Opened 15 years ago Closed 6 years ago

Warn when a chrome frame loads a non-chrome document

Categories

(Core :: Security, enhancement)

Product:
Core
Component:
Security
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: jwkbugzilla, Unassigned)

References

(Depends on 1 open bug)

Details

(Keywords: sec-want, Whiteboard: [sg:want]) 

This is a spin-off from bug 476464: since many extensions / xul applications forget type="content" on frames that will load web data it would certainly help to show a warning in Error Console if a non-chrome document is loaded into a chrome frame. Not quite sure how a non-chrome document would be defined - the case is clear for http: and https: but already less clear for resource: and file: which also have restricted privileges.
Note that in bug 476464 we're discussing simply disallowing such loads.
Depends on: 476464
Whiteboard: [sg:want]
Can we close this now, with WebExtensions?
Flags: needinfo?(dveditz)
It's still a footgun for our own development, but I don't see anyone changing this at this point so sure. We're more likely to just fix bug 476464 (or not) but not add this warning.
Status: NEW → RESOLVED
Closed: 6 years ago
Flags: needinfo?(dveditz)
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.