Closed Bug 729030 Opened 12 years ago Closed 4 years ago

Remove the remains of support for disabling frames (iframe, frameset)

Categories

(Core :: DOM: Navigation, defect)

Product:
Core
Component:
DOM: Navigation
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1013457

People

(Reporter: hsivonen, Unassigned)

Details

We have some code that checks for browser.frames.enabled. However, we don't really have full support for disabling frames. For example, the HTML spec doesn't support disabling frames and our HTML parser implements the spec, so our parser doesn't support parsing documents in a way that would expose the fallback content that's meant for legacy browsers that don't support frames.

We should remove the remaining code that depends on browser.frames.enabled and we should get rid of nsIDocumentEncoder::OutputNoFramesContent (which currently depends on that pref and doesn't work as an actual caller-passed flag).

bz, can I have a module owner nod on this so that I can go and WONTFIX bug 56743 and bug 533422?
> For example, the HTML spec doesn't support disabling frames

Are we sure that <iframe sandbox> won't grow such a capability?

We do currently disable frames in some situations on a per-docshell basis, by the way (e.g. in the help viewer).  But we probably don't care about noframes in those situations, right?
(In reply to Boris Zbarsky (:bz) from comment #1)
> > For example, the HTML spec doesn't support disabling frames
> 
> Are we sure that <iframe sandbox> won't grow such a capability?

Seems unlikely, since sandbox is all about defending better against rogue frames instead of throwing away frames altogether.

> We do currently disable frames in some situations on a per-docshell basis,
> by the way (e.g. in the help viewer).  But we probably don't care about
> noframes in those situations, right?

What's the help viewer? When I open "Help" behind the Firefox button, it opens a Web page in a normal new tab.
I'm not aware of any plans currently to add any frame-disabling support to <iframe sandbox>. It's not clear to me what the use case for such a feature would be.
See also bug 921727. It is still possible to set browser.frames.enabled=false and it is honored for iframes opened inside XUL documents. Can the support be disabled there at the least?

Fixed in bug 1013457.

Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.