bugzilla.mozilla.org has resumed normal operation. Attachments prior to 2014 will be unavailable for a few days. This is tracked in Bug 1475801.
Please report any other irregularities here.

Warn when a chrome frame loads a non-chrome document

RESOLVED WONTFIX

Status

()

Core
Security
--
enhancement
RESOLVED WONTFIX
10 years ago
4 months ago

People

(Reporter: Wladimir Palant, Unassigned)

Tracking

(Depends on: 1 bug, {sec-want})

Trunk
sec-want
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [sg:want])

(Reporter)

Description

10 years ago
This is a spin-off from bug 476464: since many extensions / xul applications forget type="content" on frames that will load web data it would certainly help to show a warning in Error Console if a non-chrome document is loaded into a chrome frame. Not quite sure how a non-chrome document would be defined - the case is clear for http: and https: but already less clear for resource: and file: which also have restricted privileges.
Note that in bug 476464 we're discussing simply disallowing such loads.
Depends on: 476464
Whiteboard: [sg:want]

Comment 2

4 months ago
Can we close this now, with WebExtensions?
Flags: needinfo?(dveditz)
It's still a footgun for our own development, but I don't see anyone changing this at this point so sure. We're more likely to just fix bug 476464 (or not) but not add this warning.
Status: NEW → RESOLVED
Last Resolved: 4 months ago
Flags: needinfo?(dveditz)
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.