Closed
Bug 70951
Opened 24 years ago
Closed 23 years ago
nsIWebBrowserSetup needs a disable javascript method
Categories
(SeaMonkey :: General, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
mozilla0.9
People
(Reporter: jud, Assigned: security-bugs)
References
Details
Attachments
(3 files)
12.94 KB,
patch
|
Details | Diff | Splinter Review | |
13.01 KB,
patch
|
Details | Diff | Splinter Review | |
13.13 KB,
patch
|
Details | Diff | Splinter Review |
This is so embeddors can disable javascript execution for a top level window.
Reporter | ||
Updated•24 years ago
|
Keywords: mozilla0.9
Assignee | ||
Comment 1•24 years ago
|
||
Should the blocking of JS apply to sub-windows (such as iframes) within the top-level window as well? If frames/iframes will always be blocked, then that's irrelevant, but otherwise it's probably what we want.
Status: NEW → ASSIGNED
Reporter | ||
Comment 2•24 years ago
|
||
yea, all subframes (if any) should have execution blocked as well.
Assignee | ||
Comment 3•24 years ago
|
||
Mass adding mozilla0.9 keyword (mass changing milestone doesn't seem to work).
Comment 4•24 years ago
|
||
Mitch, this bug has no taget milestone. Could you make sure that it gets done in either 0.8.1 or 0.9? Thanks.
Assignee | ||
Updated•24 years ago
|
Target Milestone: --- → mozilla0.9
Assignee | ||
Comment 5•24 years ago
|
||
Assignee | ||
Comment 6•24 years ago
|
||
Jud et al, Does embedding (or any other project that you know of) need the ability to disable some forms of active content but not others? Or will it always be all-or-nothing? We could combine the proposed no-js, no-plugins, etc., flags into a single no-active-content flag and save some interface clutter.
Reporter | ||
Comment 7•24 years ago
|
||
I'm not aware of a strict granular need. The more broad enable/disable you describe is probably the way to go, the trouble is defining the "etc" you mentioned. Active content = JS, plugins (including java) for sure, but what about CSS, animated gifs, meta refresh? Those latter 3 I can see someone wanting to isolate individually; no?
for non embedding the following should be treated indivdually: JS, individual plugin providers (including java), css, genuine http, meta (separate form genuine?), animated gifs. do we have the ability to disable/ignore <frameset>,<frame> and <iframe>?
Reporter | ||
Comment 9•24 years ago
|
||
ok, sounds like we should keep it all separate then. iframe content is 69455
Assignee | ||
Comment 10•23 years ago
|
||
Comment 11•23 years ago
|
||
GetRootDocShell needs a little cleanup - discussed on IRC. sr=attinasi pending that cleanup.
Comment 12•23 years ago
|
||
sr=mscott (pending the comments Marc asked you to change). Mitch, are you going to check in teh patch I sent you to go with 55069 as well or should I do that?
Assignee | ||
Comment 13•23 years ago
|
||
Assignee | ||
Comment 14•23 years ago
|
||
Scott, I'll check it all in. Thanx.
Assignee | ||
Comment 15•23 years ago
|
||
Checked in. Let me know if this is what you guys need.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Updated•20 years ago
|
Product: Browser → Seamonkey
You need to log in
before you can comment on or make changes to this bug.
Description
•