Closed
Bug 477383
Opened 15 years ago
Closed 6 years ago
Warn when a chrome frame loads a non-chrome document
Categories
(Core :: Security, enhancement)
Core
Security
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: jwkbugzilla, Unassigned)
References
(Depends on 1 open bug)
Details
(Keywords: sec-want, Whiteboard: [sg:want])
This is a spin-off from bug 476464: since many extensions / xul applications forget type="content" on frames that will load web data it would certainly help to show a warning in Error Console if a non-chrome document is loaded into a chrome frame. Not quite sure how a non-chrome document would be defined - the case is clear for http: and https: but already less clear for resource: and file: which also have restricted privileges.
Comment 1•15 years ago
|
||
Note that in bug 476464 we're discussing simply disallowing such loads.
Depends on: 476464
Updated•15 years ago
|
Whiteboard: [sg:want]
Comment 3•6 years ago
|
||
It's still a footgun for our own development, but I don't see anyone changing this at this point so sure. We're more likely to just fix bug 476464 (or not) but not add this warning.
Status: NEW → RESOLVED
Closed: 6 years ago
Flags: needinfo?(dveditz)
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•