Closed Bug 70951 Opened 24 years ago Closed 23 years ago

nsIWebBrowserSetup needs a disable javascript method

Categories

(SeaMonkey :: General, defect)

Product:
SeaMonkey
Component:
General
Platform:
x86
Windows 2000
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
mozilla0.9

People

(Reporter: jud, Assigned: security-bugs)

References

Details

Attachments

(3 files)

First crack at a patch (also covers bug 55069)
12.94 KB, patch
Details | Diff | Splinter Review
Better patch - ready for review. Also covers bug 55069.
13.01 KB, patch
Details | Diff | Splinter Review
patch with tab cleanup and attinasi's suggestions
13.13 KB, patch
Details | Diff | Splinter Review 
This is so embeddors can disable javascript execution for a top level window.
Blocks: 64833, 70029
Keywords: mozilla0.9
Should the blocking of JS apply to sub-windows (such as iframes) within the
top-level window as well? If frames/iframes will always be blocked, then that's
irrelevant, but otherwise it's probably what we want.
Status: NEW → ASSIGNED
yea, all subframes (if any) should have execution blocked as well.
Mass adding mozilla0.9 keyword (mass changing milestone doesn't seem to work).
Mitch, this bug has no taget milestone. Could you make sure that it gets done in 
either 0.8.1 or 0.9? Thanks.
Target Milestone: --- → mozilla0.9
Jud et al,
   Does embedding (or any other project that you know of) need the ability to
disable some forms of active content but not others? Or will it always be
all-or-nothing? We could combine the proposed no-js, no-plugins, etc., flags
into a single no-active-content flag and save some interface clutter.
I'm not aware of a strict granular need. The more broad enable/disable you
describe is probably the way to go, the trouble is defining the "etc" you mentioned.

Active content = JS, plugins (including java) for sure, but what about CSS,
animated gifs, meta refresh? Those latter 3 I can see someone wanting to isolate
individually; no?
for non embedding the following should be treated indivdually:
JS, individual plugin providers (including java), css, genuine http, meta 
(separate form genuine?), animated gifs.

do we have the ability to disable/ignore <frameset>,<frame> and <iframe>?
ok, sounds like we should keep it all separate then.

iframe content is 69455
GetRootDocShell needs a little cleanup - discussed on IRC. sr=attinasi pending
that cleanup.
sr=mscott (pending the comments Marc asked you to change).

Mitch, are you going to check in teh patch I sent you to go with 55069 as well
or  should I do that?


Scott, I'll check it all in. Thanx.
Checked in. Let me know if this is what you guys need.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
No longer blocks: 64833
Product: Browser → Seamonkey
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: